Kepware Knowledge Base: Solution
OpenSSL Security Vulnerability does not affect KEPServerEX (CVE-2016-6304)
Last Update: 11/7/2018
OpenSSL is an open source library used by many applications to secure communications. KEPServerEX uses OpenSSL to secure communications between the server, devices, and other applications. Customers who are aware that KEPServerEX uses OpenSSL for secure communications may also monitor vulnerabilities associated with OpenSSL.
A vulnerability related to OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allows multiple memory leaks in t1_lib.c, which could allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
The functions required for this attack to occur are not used within KEPServerEX and cannot be activated within the product.
The following link documents the vulnerability in OpenSSL:
©
2022
PTC Inc. All Rights Reserved.