Claroty discovered that KEPServerEX is affected by two critical vulnerabilities that could allow an attacker to crash a server, obtain data, or remotely execute arbitrary code by sending specially crafted OPC UA messages to the targeted system.