Severity:
Critical
Advisory ID:
PN1603
Published Date:
September 01, 2022
Last Updated:
September 01, 2022
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2022-2825,
CVE-2022-2848
Summary
KEPServer Enterprise Vulnerable to Remote Code Execution and Denial-of-Service Attack
Revision History
Revision History
Version 1.0 – September 1, 2022 – Initial Version
Executive Summary
Rockwell Automation was notified by ICS-CERT of vulnerabilities discovered in Kepware® KEPServerEX, which affects the Rockwell Automation KEPServer Enterprise. Successful exploitation of these vulnerabilities could allow an attacker to crash the device or remotely execute arbitrary code.
Customers using the products in scope are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details are provided relating to the discovered vulnerabilities, including recommended countermeasures.
Customers using the products in scope are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details are provided relating to the discovered vulnerabilities, including recommended countermeasures.
Affected Products
KEPServer Enterprise – All versions prior to v13.01.00
Vulnerability Details
CVE 2022-2848 KEPServer Enterprise Heap-Based Overflow
CVSS Base Score: 9.1 /10 (Critical)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and
leak data.
CVE 2022-2825 KEPServer Enterprise Stack-Based Overflow
CVSS Base Score: 9.8 /10 (Critical)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and remotely execute code.
CVSS Base Score: 9.1 /10 (Critical)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and
leak data.
CVE 2022-2825 KEPServer Enterprise Stack-Based Overflow
CVSS Base Score: 9.8 /10 (Critical)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and remotely execute code.
Risk Mitigation & User Action
Vulnerability | Suggested Actions |
---|---|
CVE-2022-2848 | Customers should update to version 13.01.00 which mitigates these issues |
CVE-2022-2825 |
If a customer is unable to update to the mitigated version, it is suggested that Security Best Practices are followed as outlined in our Knowledgebase article, QA43240 - Security Best Practices.
General Security Guidelines
Copyright ©2022 Rockwell Automation, Inc.