Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
PTC Kepware KEPServerEX 缓冲区错误漏洞
Vulnerability Description
PTC Kepware KEPServerEX是美国PTC公司的一个工业自动化数据连接解决方u200bu200b案。 PTC Kepware KEPServerEX 6.0至6.14.263版本存在缓冲区错误漏洞,该漏洞源于容易被迫读取递归定义的对象,导致资源消耗不受控制。
CVSS Information
N/A
Vulnerability Type
N/A