CVSS: 9.1EPSS: 1%CPEs: 11EXPL: 0CVE-2020-27263
https://notcve.org/view.php?id=CVE-2020-27263
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x son vulnerables a un desbordamiento de búfer en la región heap de la memoria. Abrir un mensaje OPC UA específicamente diseñado podría permitir a un atacante bloquear el servidor y potencialmente filtrar datos • https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 11EXPL: 0CVE-2020-27267
https://notcve.org/view.php?id=CVE-2020-27267
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. KEPServerEX versiones v6.0 hasta v6.9, ThingWorx Kepware Server versiones v6.8 y v6.9, ThingWorx Industrial Connectivity (todas las versiones), OPC-Aggregator (todas las versiones), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server versiones v7.68.804 y v7.66, y Software Toolbox TOP Server, todas las versiones 6.x, son vulnerables a un desbordamiento del búfer en la región heap de la memoria. Abrir un mensaje OPC UA específicamente diseñado podría permitir a un atacante bloquear el servidor y potencialmente filtrar datos • https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13573
https://notcve.org/view.php?id=CVE-2020-13573
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del servidor Ethernet/IP de Rockwell Automation RSLinx Classic versión 2.57.00.14 CPR 9 SR 3. Una petición de red especialmente diseñada puede conllevar a una denegación de servicio. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5807
https://notcve.org/view.php?id=CVE-2020-5807
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected. Un atacante remoto no autenticado puede enviar datos al archivo RsvcHost.exe escuchando en el puerto TCP 5241 para agregar entradas en el registro de evento de FactoryTalk Diagnostics. • https://www.tenable.com/security/research/tra-2020-71 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5801
https://notcve.org/view.php?id=CVE-2020-5801
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. Un atacante puede crear y enviar un mensaje OpenNamespace al puerto 4241 con un ID de sesión válido que desencadena una excepción no controlada en la función CFTLDManager::HandleRequest en la biblioteca RnaDaSvr.dll, resultando en una terminación del proceso. Observado en FactoryTalk Linx versión 6.11. • https://www.tenable.com/security/research/tra-2020-71 • CWE-755: Improper Handling of Exceptional Conditions •