Vulnerabilities Discovered in KEPServerEX : No cause for alarm.
Free security patch available
Kepware has discovered vulnerabilities in the OPC UA server interface of their KEPServerEX software product.
This applies to KEPServerEX versions from v6.0.xx to v6.9.xx
Existing systems can be updated, at no cost, using the updated code available from ‘MyKepware’, for each specific, installed version, v6.0.xx to v6.9.xx.
Summary of the vulnerability situation….
- This was NOT discovered/reported by a customer. It was discovered during Kepware’s own internal test/quality procedures.
- NO ‘live’ systems have been affected.
- NO customers/users have reported any related issues
- To be affected, a malicious attack would be required – i.e. it is not a bug.
- The malicious attacker would need to have direct access to the OPC-UA interface.
- Only the OPC-UA interface is affected - i.e. all other interfaces and protocols are unaffected.
Further technical information is available here…
This is a Quick registration Module. Please register to get access to downloads and product specific documents.