On 30 August 2022 ICS-CERT published an ICS Advisory to highlight vulnerabilities in the following products
- Kepware KEPServerEX – versions prior to 6.12
- ThingWorkx Kepware Server – versions prior to 6.12
- ThingWorkx Industrial Connectivity – all versions
- OPC-Aggregator – versions prior to 6.12
- ThingWorkx Kepware Edge – version 1.4 and prior
- Rockwell Automation KEPServer Enterprise – versions prior to v6.12
- GE Digital Industrial Gateway Server – versions prior to v7.612
- Software Toolbox TOP Server – versions prior to v6.12
Exploitation of these vulnerabilities could result in denial of service and remote code execution.
The Canadian Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.
