ATTENTION: Exploitable remotely/low attack complexity.
Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow.

This updated advisory is a follow-up to the original advisory titled ICSA-22-242-10 PTC Kepware KEPServerEX that was published August 30, 2022, to the ICS webpage.

Successful exploitation of these vulnerabilities could allow an attacker to crash the device or remotely execute arbitrary code.

The following PTC products are affected by vulnerabilities found in Kepware KEPServerEX, a connectivity platform:

- Kepware KEPServerEX: Versions prior to 6.12
- ThingWorx Kepware Server: Versions prior to 6.12
- ThingWorx Industrial Connectivity: All versions
- ThingWorx Kepware Edge: Versions 1.4 and prior

The following products are known to be vulnerable:

- Rockwell Automation KEPServer Enterprise: Versions prior to v6.12
- GE Digital Industrial Gateway Server: Versions prior to v7.612
- Software Toolbox TOP Server: Versions prior to v6.12

4.2 VULNERABILITY OVERVIEW

4.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122

Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and leak data.

CVE-2022-2848 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

4.2.2 STACK-BASED BUFFER OVERFLOW CWE-121

Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and remotely execute code.

CVE-2022-2825 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors.
COMPANY HEADQUARTERS LOCATION: United States.

Vera Mens, Uri Katz, and Sharon Brizinov of Claroty Research, working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to PTC.