Kepware addressed these issues by upgrading to OpenSSL version 1.0.2h in KEPServerEX version 5.21.112, which was released on August 16, 2016.

Because KEPServerEX only installs a Localhost UA endpoint by default, only applications running on the same machine as KEPServerEX could exploit this vulnerability. Enabling a non-localhost endpoint makes a machine more susceptible, but how much depends on how accessible the OPC UA server is on the network. Any machine that can access the OPC UA server on the network could exploit this vulnerability, so the more accessible the OPC UA server is, the more vulnerable it is to this attack. For example, if the OPC UA server is only available on the LAN or controls network, the exposure is limited: a rogue application would need to penetrate this network and exploit the vulnerability from a compromised machine on the network. If the OPC UA server is accessible via the WAN, it is more susceptible to this vulnerability.

KEPServerEX version 5 communications server from Kepware Technologies features many technical advancements, including a separation of runtime and development modes, platform. This is a Control Engineering 2011 Engineers Choice (EC) Award winner.
KEPServerEX 5 software
KEPServerEX is an interoperability software server connecting disparate systems and interfaces. Recently discovered vulnerabilities in OpenSSL could impact these products by allowing a remote attacker to intercept, decrypt, and manipulate data between KEPServerEX and a UA endpoint. This can lead to unauthorized access to sensitive information. The vulnerability relates to the AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h. Those versions do not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive clear-text information via a padding-oracle attack against an AES CBC session. The following link documents the vulnerability in OpenSSL:
OpenSSL is an open-source library used by many OPC UA applications to secure communications. KEPServerEX uses OpenSSL to secure communications with the OPC UA server and OPC UA Client driver.
KEPServerEX 5 driver
Customers using the KEPServerEX OPC UA server or OPC UA Client driver should be aware of security vulnerabilities discovered in OpenSSL that impact KEPServerEX version 5.20.396 and earlier. Customers not using the OPC UA server or OPC UA Client driver for KEPServerEX can disregard this article.
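
A triage sketch for the version ranges and endpoint exposure described on this page, added here as an example and not Kepware's own code. The function names, the sample version and the endpoint URLs are constructed, and OpenSSL branches the page does not mention are assumed to be out of scope.

```python
import ipaddress
import re
from urllib.parse import urlsplit

KEP_LAST_AFFECTED = (5, 20, 396)  # page: "version 5.20.396 and earlier"
KEP_FIXED = (5, 21, 112)          # page: release that ships OpenSSL 1.0.2h

def _patch_key(letter):
    # OpenSSL 1.0.x patch letters sort '' < 'a' < ... < 'z' < 'za'
    return (len(letter), letter)

def openssl_affected(version):
    """Ranges as worded on the page: before 1.0.1t, and 1.0.2 before 1.0.2h."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    base, letter = tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)
    if base < (1, 0, 1):
        return True
    if base == (1, 0, 1):
        return _patch_key(letter) < _patch_key("t")
    if base == (1, 0, 2):
        return _patch_key(letter) < _patch_key("h")
    return False  # assumption: later branches are outside the page's scope

def kepserver_status(version):
    v = tuple(int(p) for p in version.split(".")[:3])
    if v <= KEP_LAST_AFFECTED:
        return "affected"
    return "fixed" if v >= KEP_FIXED else "unlisted"

def endpoint_is_local_only(url):
    host = urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other DNS names: treat as reachable from the network

def triage(kep_version, endpoints):
    status = kepserver_status(kep_version)
    if status != "affected":
        return status
    remote = [e for e in endpoints if not endpoint_is_local_only(e)]
    return "affected, network-reachable" if remote else "affected, local only"

if __name__ == "__main__":
    # Constructed inventory entry: the version and URLs are sample values
    print(triage("5.19.467", ["opc.tcp://127.0.0.1:49320", "opc.tcp://10.0.0.5:49320"]))
```

A version that falls between the last affected release and the fixed release is reported as "unlisted" because the page does not classify it.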