CVE-2023-5908

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
References

Link | Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 | Third Party Advisory, US Government Resource

Configurations

Configuration 1

OR cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*

History

06 Dec 2023, 19:57

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 9.1
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 - | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 - Third Party Advisory, US Government Resource
CWE CWE-120
CPE cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*
cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*
cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*
First Time Ptc
Ptc thingworx Kepware Edge
Ptc thingworx Kepware Server
Rockwellautomation
Rockwellautomation kepserver Enterprise
Softwaretoolbox top Server
Ptc thingworx Industrial Connectivity
Ge industrial Gateway Server
Ptc keepserverex
Ge
Ptc opc-aggregator
Softwaretoolbox

30 Nov 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 22:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-5908

Mitre link : CVE-2023-5908

CVE.ORG link : CVE-2023-5908


Products Affected

ge

  • industrial_gateway_server

ptc

  • thingworx_industrial_connectivity
  • thingworx_kepware_edge
  • thingworx_kepware_server
  • keepserverex
  • opc-aggregator

rockwellautomation

  • kepserver_enterprise

softwaretoolbox

  • top_server
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-122

Heap-based Buffer Overflow