Kepware Knowledge Base: Solution


OpenSSL Update for OPC UA Components in KEPServerEX 5.18 Release


Last Update: 12.11.2018
Customers not using the OPC UA server or OPC UA Client driver for KEPServerEX can disregard this article. Customers using either solution should be aware of security vulnerabilities discovered in OpenSSL that impact these products in KEPServerEX version 5.18.662 and earlier.

OpenSSL is an open source library used by many OPC UA applications to secure communications. KEPServerEX uses OpenSSL to secure communications with our OPC UA server interface and OPC UA Client driver. Vulnerabilities were recently discovered in OpenSSL that have the potential to impact these products. By exploiting these vulnerabilities, a remote attacker could cause KEPServerEX to crash or become unresponsive.

The following links document the vulnerabilities in OpenSSL that have the potential to impact all OPC UA applications:
Both vulnerabilities relate to certificate validation in OpenSSL. If an attacker sends an OPC UA server a command with a specially crafted certificate, OpenSSL will try to validate the certificate. In doing so, it will access invalid memory or process the certificate indefinitely. This can lead to an application crash or a denial of service.

The more accessible the OPC UA server is, the more vulnerable it is to this attack. For example, if the OPC UA server is only available on the LAN or controls network, the exposure is limited. A rogue application would need to penetrate this network and exploit the vulnerability from a compromised machine on the network. If the OPC UA server is accessible via the WAN, it is more susceptible to attack. Any machine that can access the OPC UA server on the network could exploit this vulnerability.

Because KEPServerEX only installs a Localhost UA endpoint by default, only applications running on the same machine as KEPServerEX could exploit this vulnerability, which is unlikely. Enabling a non-localhost endpoint makes a machine more susceptible, but again, it depends on how accessible the OPC UA server is on the network.

Kepware addressed these issues by upgrading to OpenSSL version 1.0.2d in KEPServerEX version 5.18.673, which was released on August 17, 2015.
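
To triage an inventory against the version numbers and the endpoint exposure described above, the following added example (not Kepware code) classifies each installation by build and by whether any OPC UA server endpoint is bound to something other than localhost. The host names, versions, endpoint URLs and status labels are constructed for illustration, and the check covers server endpoints only, not use of the OPC UA Client driver.

```python
import ipaddress
from urllib.parse import urlsplit

LAST_AFFECTED = (5, 18, 662)  # article: 5.18.662 and earlier are affected
FIRST_FIXED = (5, 18, 673)    # article: first release with OpenSSL 1.0.2d

def parse_version(text):
    """Turn '5.18.662' or '5.18.662.0' into a comparable (major, minor, build)."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) < 3:
        raise ValueError(f"expected major.minor.build, got {text!r}")
    return tuple(parts[:3])

def is_loopback(endpoint_url):
    """True when an opc.tcp:// endpoint is reachable from the local machine only."""
    host = urlsplit(endpoint_url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # machine or DNS name: treat as reachable over the network

def triage(version, ua_endpoints):
    """Classify one installation; the status labels are this example's own."""
    v = parse_version(version)
    if v >= FIRST_FIXED:
        return "fixed"
    if v > LAST_AFFECTED:
        return "unknown-build"  # between the two builds the article names
    if not ua_endpoints:
        return "affected-no-ua-endpoint"
    if any(not is_loopback(u) for u in ua_endpoints):
        return "affected-network-reachable"
    return "affected-localhost-only"

# Constructed inventory: host names, versions and endpoint URLs are made up.
INVENTORY = [
    ("hmi-01", "5.18.662.0", ["opc.tcp://127.0.0.1:49320"]),
    ("scada-02", "5.16.100", ["opc.tcp://localhost:49320",
                              "opc.tcp://10.20.0.5:49320"]),
    ("hist-03", "5.18.673.0", ["opc.tcp://10.20.0.9:49320"]),
]

if __name__ == "__main__":
    for host, version, endpoints in INVENTORY:
        print(f"{host:9} {version:11} {triage(version, endpoints)}")
```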

We apologize for any inconvenience this may cause.

Related Products
KEPServerEX, OPC UA Client

Related Protocols
OPC Unified Architecture (UA)