Description:

PTC has released security update to address a vulnerability in the following products:

• KEPServerEX: v6.0 to v6.9
• ThingWorx Kepware Server: v6.8 and v6.9
• ThingWorx Industrial Connectivity: All versions
• OPC-Aggregator: All versions

The following products may have a vulnerable component:

• The following products may have a vulnerable component:
• Rockwell Automation KEPServer Enterprise: v6.6.504.0 and v6.9.572.0
• GE Digital Industrial Gateway Server: v7.68.804 and v7.66
• Software Toolbox TOP Server: All 6.x versions

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Denial of service attack (DoS)
• Buffer overflow

Best practice and Recommendations:

The CERT team encourages users to review PTC security advisory and apply the necessary updates:

• KEPServerEX
  • Version 6.6 should upgrade to Version 6.6.362.0
  • Version 6.7 should upgrade to Version 6.7.1067.0
  • Version 6.8 should upgrade to Version 6.8.838.0
  • Version 6.9 should upgrade to Version 6.9.584.0
• ThingWorx Kepware Server
  • Version 6.8 should upgrade to Version 6.8.839.0
  • Version 6.9 should upgrade to Version 6.9.584.0
• ThingWorx Industrial Connectivity
  • Version 8.4 should upgrade to Version 8.4 (6.6.362.0)
  • Version 8.5 should upgrade to Version 8.5 (6.7.1068.0)
• OPC-Aggregator
  • Version 6.9 should upgrade to Version 6.9.584.0

PTC recommends users of the following products upgrade to the most current supported version:

• Rockwell Automation KEPServer Enterprise
  • Version 6.6 should upgrade to Version 6.6.550.0
  • Version 6.9 should upgrade to Version 6.9.584.0
• GE Digital Industrial Gateway Server
  • Versions 7.68.804 and 7.66 should update to Version 7.68.839.
• Software Toolbox TOP Server
  • Version 6.7 should upgrade to Version 6.7.1068.0
  • Version 6.8 should upgrade to Version 6.8.840.0
  • Version 6.9 should upgrade to Version 6.9.584.0