Vulnerabilities Discovered in KEPServerEX : No cause for alarm.

Free security patch available

Kepware has discovered vulnerabilities in the OPC UA server interface of their KEPServerEX software product.

This applies to KEPServerEX versions from v6.0.xx to v6.9.xx

Existing systems can be updated, at no cost, using the updated code available from ‘MyKepware’, for each specific, installed version, v6.0.xx to v6.9.xx.

Summary of the vulnerability situation….

  • This was NOT discovered/reported by a customer. It was discovered during Kepware’s own internal test/quality procedures.
  • NO ‘live’ systems have been affected.
  • NO customers/users have reported any related issues
  • To be affected, a malicious attack would be required – i.e. it is not a bug.
  • The malicious attacker would need to have direct access to the OPC-UA interface.
  • Only the OPC-UA interface is affected - i.e. all other interfaces and protocols are unaffected.

 

Further technical information is available here…

https://www.ptc.com/en/support/article/CS334963

https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02

NOTE! This site uses cookies and similar technologies.

If you do not change browser settings, you agree to it.

I understand

Login

Please login using your credentials recived by email when you register.

  or   Create an account

Forgot your password? |  Forgot your username?

×

Register now


This is a Quick registration Module. Please register to get access to downloads and product specific documents.



  or   Login
×