Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.

Related CPE's

a

ge

industrial_gateway_server

Vulnerable

a

ptc

kepware_kepserverex

Vulnerable

a

ptc

opc-aggregator

Vulnerable

a

ptc

thingworx_industrial_connectivity

-

Vulnerable

a

ptc

thingworx_kepware_edge

Vulnerable

a

ptc

thingworx_kepware_server

Vulnerable

a

rockwellautomation

kepserver_enterprise

Vulnerable

a

softwaretoolbox

top_server

Vulnerable

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-22-1454/

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-122

[email protected]

Secondary
CWE-119

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.1 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-29T19:15:11.680

1 year ago

Last modified

2023-04-20T16:15:07.350

1 year ago