Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27265

EPSS 0.08% · P23
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-27265

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款 Kepware 产品缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kepware Kepserverex是美国Kepware公司的一个可与多种工业设备进行通讯的应用软件。该软件支持150多个通讯协议,支持通过单个平台为企业提供可靠实时的数据。 多款Kepware产品存在缓冲区错误漏洞,该漏洞源于受影响的产品容易发生基于堆栈的缓冲区溢出。打开一个特别设计的OPC UA消息可能允许攻击者可利用该漏洞使服务器崩溃并远程执行代码。以下产品及版本受到影响:KEPServerEX: v6.0到v6.9,ThingWorx Kepware Server: v6.8和v6.9,Thin
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server v6.0 to v6.9 -

II. Public POCs for CVE-2020-27265

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-27265

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-01-13 · 31 CVEs total

CVE-2020-9142Huawei Emui 和 Honor Magic Ui 缓冲区错误漏洞
CVE-2020-28374Linux kernel 路径遍历漏洞
CVE-2020-36191JupyterHub 跨站请求伪造漏洞
CVE-2020-35686Sound Research DCHU 代码问题漏洞
CVE-2021-3139Open Iscsi Tcmu-runner 路径遍历漏洞
CVE-2021-31311c Enterprise 加密问题漏洞
CVE-2021-23899Owasp Json-sanitizer 代码问题漏洞
CVE-2021-23900Owasp Json-sanitizer 输入验证错误漏洞
CVE-2021-3028Git Big Ppicture 输入验证错误漏洞
CVE-2020-35687Phpfusion 跨站请求伪造漏洞
CVE-2020-23653ThinkAdmin 代码问题漏洞
CVE-2020-9144Huawei Emui 和 Honor Magic Ui 缓冲区错误漏洞
CVE-2020-27488Loxone Miniserver 授权问题漏洞
CVE-2020-9145华为智能手机缓冲区错误漏洞
CVE-2020-35578Nagios XI 操作系统命令注入漏洞
CVE-2020-27263Kepware Kepserverex 缓冲区错误漏洞
CVE-2020-9143华为智能手机授权问题漏洞
CVE-2020-9141华为智能手机数据伪造问题漏洞
CVE-2020-9140华为智能手机缓冲区错误漏洞
CVE-2020-9139Huawei Emui 和 Honor Magic Ui 输入验证错误漏洞

Showing top 20 of 31 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-121

V. Comments for CVE-2020-27265

No comments yet

Leave a comment