Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Title
Уязвимость программного обеспечения OPC-серверов Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании
Description
Уязвимость программного обеспечения OPC-серверов Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к защищаемой информации или вызвать отказ в обслуживании
Severity
Vendor
PTC, Сообщество свободного программного обеспечения, Rockwell Automation Inc., General Electric Company
Software Name
Kepware KEPServerEX, Theme Park Ticketing System, OPC-Aggregator, KEPServer Enterprise, Digital Industrial Gateway Server
Software Version
от 6.6 до 6.6.362.0 (Kepware KEPServerEX), от 6.7 до 6.7.1067.0 (Kepware KEPServerEX), от 6.8 до 6.8.838.0 (Kepware KEPServerEX), от 6.9 до 6.9.584.0 (Kepware KEPServerEX), от 8.4 до 8.4 (6.6.362.0) (Theme Park Ticketing System), от 8.5 до 8.5 (6.7.1068.0) (Theme Park Ticketing System), от 6.9 до 6.9.584.0 (OPC-Aggregator), от 6.6 до 6.6.550.0 (KEPServer Enterprise), от 6.9 до 6.9.584.0 (KEPServer Enterprise), от 7.68.804 до 7.68.839.0 (Digital Industrial Gateway Server), от 7.66 до 7.68.839.0 (Digital Industrial Gateway Server)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Обновление программного обеспечения до актуальной версии
Компенсирующие меры:
- сегментирование сети для ограничения доступа к промышленному сегменту;
- ограничение доступа из внешних сетей (Интернет);
- использование средств межсетевого экранирования уровня веб-приложений для ограничения возможности удалённого доступа;
- использование виртуальных частных сетей для организации удаленного доступа (VPN).
Reference
https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
CWE
CWE-122, CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "PTC, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Rockwell Automation Inc., General Electric Company",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 6.6 \u0434\u043e 6.6.362.0 (Kepware KEPServerEX), \u043e\u0442 6.7 \u0434\u043e 6.7.1067.0 (Kepware KEPServerEX), \u043e\u0442 6.8 \u0434\u043e 6.8.838.0 (Kepware KEPServerEX), \u043e\u0442 6.9 \u0434\u043e 6.9.584.0 (Kepware KEPServerEX), \u043e\u0442 8.4 \u0434\u043e 8.4 (6.6.362.0) (Theme Park Ticketing System), \u043e\u0442 8.5 \u0434\u043e 8.5 (6.7.1068.0) (Theme Park Ticketing System), \u043e\u0442 6.9 \u0434\u043e 6.9.584.0 (OPC-Aggregator), \u043e\u0442 6.6 \u0434\u043e 6.6.550.0 (KEPServer Enterprise), \u043e\u0442 6.9 \u0434\u043e 6.9.584.0 (KEPServer Enterprise), \u043e\u0442 7.68.804 \u0434\u043e 7.68.839.0 (Digital Industrial Gateway Server), \u043e\u0442 7.66 \u0434\u043e 7.68.839.0 (Digital Industrial Gateway Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.12.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.12.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-09019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-27263, ICSA-20-352-02",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Kepware KEPServerEX, Theme Park Ticketing System, OPC-Aggregator, KEPServer Enterprise, Digital Industrial Gateway Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f OPC-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f OPC-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}
ICSA-20-352-02
Vulnerability from csaf_cisa - Published: 2020-12-17 00:00 - Updated: 2021-01-05 00:00Summary
PTC Kepware KEPServerEX (Update A)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could lead to a server crashing, a denial-of-service condition, data leakage, or remote code execution.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ThingWorx Kepware Server: v6.8 and v6.9
PTC / ThingWorx Kepware Server
|
6.8 | 6.9 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation KEPServer Enterprise: v6.6.504.0 and v6.9.572.0
PTC / Rockwell Automation KEPServer Enterprise
|
6.6.504.0 | 6.9.572.0 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
GE Digital Industrial Gateway Server: v7.68.804 and v7.66
PTC / GE Digital Industrial Gateway Server
|
7.68.804 | 7.66 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
KEPServerEX: v6.0 to v6.9
PTC / KEPServerEX
|
>= 6.0 | <= 6.9 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ThingWorx Industrial Connectivity: All versions
PTC / ThingWorx Industrial Connectivity
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Software Toolbox TOP Server: All 6.x versions
PTC / Software Toolbox TOP Server
|
6.x |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
OPC-Aggregator: All versions
PTC / OPC-Aggregator
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ThingWorx Kepware Server: v6.8 and v6.9
PTC / ThingWorx Kepware Server
|
6.8 | 6.9 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation KEPServer Enterprise: v6.6.504.0 and v6.9.572.0
PTC / Rockwell Automation KEPServer Enterprise
|
6.6.504.0 | 6.9.572.0 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
GE Digital Industrial Gateway Server: v7.68.804 and v7.66
PTC / GE Digital Industrial Gateway Server
|
7.68.804 | 7.66 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
KEPServerEX: v6.0 to v6.9
PTC / KEPServerEX
|
>= 6.0 | <= 6.9 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ThingWorx Industrial Connectivity: All versions
PTC / ThingWorx Industrial Connectivity
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Software Toolbox TOP Server: All 6.x versions
PTC / Software Toolbox TOP Server
|
6.x |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
OPC-Aggregator: All versions
PTC / OPC-Aggregator
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ThingWorx Kepware Server: v6.8 and v6.9
PTC / ThingWorx Kepware Server
|
6.8 | 6.9 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation KEPServer Enterprise: v6.6.504.0 and v6.9.572.0
PTC / Rockwell Automation KEPServer Enterprise
|
6.6.504.0 | 6.9.572.0 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
GE Digital Industrial Gateway Server: v7.68.804 and v7.66
PTC / GE Digital Industrial Gateway Server
|
7.68.804 | 7.66 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
KEPServerEX: v6.0 to v6.9
PTC / KEPServerEX
|
>= 6.0 | <= 6.9 |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ThingWorx Industrial Connectivity: All versions
PTC / ThingWorx Industrial Connectivity
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Software Toolbox TOP Server: All 6.x versions
PTC / Software Toolbox TOP Server
|
6.x |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
OPC-Aggregator: All versions
PTC / OPC-Aggregator
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
11 references
Acknowledgments
Claroty
Uri Katz
{
"document": {
"acknowledgments": [
{
"names": [
"Uri Katz"
],
"organization": "Claroty",
"summary": "reporting these vulnerabilities to PTC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could lead to a server crashing, a denial-of-service condition, data leakage, or remote code execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-352-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-352-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-352-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-352-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "PTC Kepware KEPServerEX (Update A)",
"tracking": {
"current_release_date": "2021-01-05T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-352-02",
"initial_release_date": "2020-12-17T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-12-17T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-352-02 PTC KEPServerEX"
},
{
"date": "2021-01-05T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-20-352-02 PTC Kepware KEPServerEX (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6.8 | 6.9",
"product": {
"name": "ThingWorx Kepware Server: v6.8 and v6.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "ThingWorx Kepware Server"
},
{
"branches": [
{
"category": "product_version",
"name": "6.6.504.0 | 6.9.572.0",
"product": {
"name": "Rockwell Automation KEPServer Enterprise: v6.6.504.0 and v6.9.572.0",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Rockwell Automation KEPServer Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "7.68.804 | 7.66",
"product": {
"name": "GE Digital Industrial Gateway Server: v7.68.804 and v7.66",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "GE Digital Industrial Gateway Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 6.0 | \u003c= 6.9",
"product": {
"name": "KEPServerEX: v6.0 to v6.9",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "KEPServerEX"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "ThingWorx Industrial Connectivity: All versions",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "ThingWorx Industrial Connectivity"
},
{
"branches": [
{
"category": "product_version",
"name": "6.x",
"product": {
"name": "Software Toolbox TOP Server: All 6.x versions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Software Toolbox TOP Server"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "OPC-Aggregator: All versions",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "OPC-Aggregator"
}
],
"category": "vendor",
"name": "PTC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27265",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The affected products are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.CVE-2020-27265 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27265"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTC has released updates for the following products and recommends that users upgrade to the most current supported version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.6 should upgrade to Version 6.6.362.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.7 should upgrade to Version 6.7.1067.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.8 should upgrade to Version 6.8.838.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Kepware Server Version 6.8 should upgrade to Version 6.8.839.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Kepware Server Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Industrial Connectivity Version 8.4 should upgrade to Version 8.4 (6.6.362.0)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Industrial Connectivity Version 8.5 should upgrade to Version 8.5 (6.7.1068.0)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "vendor_fix",
"details": "OPC-Aggregator Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "Rockwell Automation KEPServer Enterprise Version 6.6 should upgrade to Version 6.6.550.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation KEPServer Enterprise Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users upgrade to the most current version available, depending on the base version of the affected product they are using.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129402"
},
{
"category": "mitigation",
"details": "GE Digital Industrial Gateway Server Versions 7.68.804 and 7.66 should update to Version 7.68.839.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx"
},
{
"category": "mitigation",
"details": "The GE Digital Security Advisory GED 20-05 can be accessed on the GE Digital Security Advisories Customer Center webpage.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-05"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.7 should upgrade to Version 6.7.1068.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.8 should upgrade to Version 6.8.840.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox has released updates and recommends users update their installations.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2020-27263",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The affected products are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.CVE-2020-27263 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27263"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTC has released updates for the following products and recommends that users upgrade to the most current supported version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.6 should upgrade to Version 6.6.362.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.7 should upgrade to Version 6.7.1067.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.8 should upgrade to Version 6.8.838.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Kepware Server Version 6.8 should upgrade to Version 6.8.839.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Kepware Server Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Industrial Connectivity Version 8.4 should upgrade to Version 8.4 (6.6.362.0)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Industrial Connectivity Version 8.5 should upgrade to Version 8.5 (6.7.1068.0)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "vendor_fix",
"details": "OPC-Aggregator Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "Rockwell Automation KEPServer Enterprise Version 6.6 should upgrade to Version 6.6.550.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation KEPServer Enterprise Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users upgrade to the most current version available, depending on the base version of the affected product they are using.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129402"
},
{
"category": "mitigation",
"details": "GE Digital Industrial Gateway Server Versions 7.68.804 and 7.66 should update to Version 7.68.839.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx"
},
{
"category": "mitigation",
"details": "The GE Digital Security Advisory GED 20-05 can be accessed on the GE Digital Security Advisories Customer Center webpage.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-05"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.7 should upgrade to Version 6.7.1068.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.8 should upgrade to Version 6.8.840.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox has released updates and recommends users update their installations.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2020-27267",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The affected products are vulnerable to a use after free vulnerability, which may allow an attacker to create and close OPC UA connections at a high rate that may cause a server to crash.CVE-2020-27267 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27267"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTC has released updates for the following products and recommends that users upgrade to the most current supported version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.6 should upgrade to Version 6.6.362.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.7 should upgrade to Version 6.7.1067.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.8 should upgrade to Version 6.8.838.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "KEPServerEX Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://my.kepware.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Kepware Server Version 6.8 should upgrade to Version 6.8.839.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Kepware Server Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Industrial Connectivity Version 8.4 should upgrade to Version 8.4 (6.6.362.0)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "ThingWorx Industrial Connectivity Version 8.5 should upgrade to Version 8.5 (6.7.1068.0)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "vendor_fix",
"details": "OPC-Aggregator Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.ptc.com/"
},
{
"category": "mitigation",
"details": "Rockwell Automation KEPServer Enterprise Version 6.6 should upgrade to Version 6.6.550.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation KEPServer Enterprise Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users upgrade to the most current version available, depending on the base version of the affected product they are using.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129402"
},
{
"category": "mitigation",
"details": "GE Digital Industrial Gateway Server Versions 7.68.804 and 7.66 should update to Version 7.68.839.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx"
},
{
"category": "mitigation",
"details": "The GE Digital Security Advisory GED 20-05 can be accessed on the GE Digital Security Advisories Customer Center webpage.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-05"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.7 should upgrade to Version 6.7.1068.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.8 should upgrade to Version 6.8.840.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox TOP Server Version 6.9 should upgrade to Version 6.9.584.0",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
},
{
"category": "mitigation",
"details": "Software Toolbox has released updates and recommends users update their installations.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://www.softwaretoolbox.com/quickfaq.asp?faqid=3924"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…