Use the search feature to view Kepware's repository of more than 500 Knowledge Base articles. Narrow your results or type your query into the search field below.

Alternatively, if you are unable to find a solution, we have an additional resource - our PTC eSupport Portal . If you are prompted to log into the eSupport Portal, you can use your My Kepware credentials. Need a My Kepware account? Create one here .

Search Solution Results By:
View All Solutions

Kepware Knowledge Base: Solution


OpenSSL Security Vulnerability does not affect KEPServerEX (CVE-2016-6304)

Last Update: 11/7/2018
Print
OpenSSL is an open source library used by many applications to secure communications. KEPServerEX uses OpenSSL to secure communications between the server, devices, and other applications. Customers who are aware that KEPServerEX uses OpenSSL for secure communications may also monitor vulnerabilities associated with OpenSSL.

A vulnerability related to OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allows multiple memory leaks in t1_lib.c, which could allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

The functions required for this attack to occur are not used within KEPServerEX and cannot be activated within the product.

The following link documents the vulnerability in OpenSSL:
Related Products
KEPServerEX

© 2019 PTC Inc. All Rights Reserved.