Use the search and browse feature to view Kepware's repository of more than 500 Knowledge Base articles. Narrow your results or type your query into the search field below.

Search Solutions Results By: View All Solutions

Kepware Knowledge Base: Solution


OpenSSL Security Vulnerability does not affect KEPServerEX (CVE-2016-6304)

Last Update: 11/7/2018
Print
OpenSSL is an open source library used by many applications to secure communications. KEPServerEX uses OpenSSL to secure communications between the server, devices, and other applications. Customers who are aware that KEPServerEX uses OpenSSL for secure communications may also monitor vulnerabilities associated with OpenSSL.

A vulnerability related to OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allows multiple memory leaks in t1_lib.c, which could allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

The functions required for this attack to occur are not used within KEPServerEX and cannot be activated within the product.

The following link documents the vulnerability in OpenSSL:
Related Products
KEPServerEX

© 2018 PTC Inc. All Rights Reserved.