CVE-2023-5908

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
References

Link: https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03
Resource: Third Party Advisory, US Government Resource

Configurations

Configuration 1

OR cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*

History

06 Dec 2023, 19:57

Type: CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 9.1

Type: First Time
  Values Added:
    Ptc
    Ptc thingworx Kepware Edge
    Ptc thingworx Kepware Server
    Rockwellautomation
    Rockwellautomation kepserver Enterprise
    Softwaretoolbox top Server
    Ptc thingworx Industrial Connectivity
    Ge industrial Gateway Server
    Ptc keepserverex
    Ge
    Ptc opc-aggregator
    Softwaretoolbox

Type: References
  Values Removed: () https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 -
  Values Added: () https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 - Third Party Advisory, US Government Resource

Type: CWE
  Values Added: CWE-120

Type: CPE
  Values Added:
    cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*
    cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*
    cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*
    cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*
    cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*
    cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*

30 Nov 2023, 22:15

Type: New CVE

Information

Published : 2023-11-30 22:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-5908

Mitre link : CVE-2023-5908

CVE.ORG link : CVE-2023-5908



Products Affected

ge

  • industrial_gateway_server

ptc

  • opc-aggregator
  • keepserverex
  • thingworx_kepware_server
  • thingworx_kepware_edge
  • thingworx_industrial_connectivity

softwaretoolbox

  • top_server

rockwellautomation

  • kepserver_enterprise
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-122

Heap-based Buffer Overflow