PTC KEPServerEx

1. EXECUTIVE SUMMARY

  • CVSS v3 9.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: PTC
  • Equipment: KEPServerEX, ThingWorx, OPC-Aggregator
  • Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to gain Windows SYSTEM-level code execution on the service host and may cause the product to crash, leak sensitive information, or connect to the product without proper authentication.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following PTC Kepware products are affected:

  • KEPServerEX: v6.14.263.0 and prior
  • ThingWorx Kepware Server: v6.14.263.0 and prior
  • ThingWorx Industrial Connectivity: All versions
  • OPC-Aggregator: v6.14 and prior
  • ThingWorx Kepware Edge: v1.7 and prior
  • Rockwell Automation KEPServer Enterprise: Versions v6.14.263.0 and prior
  • GE Digital Industrial Gateway Server: Versions v7.614 and prior
  • Software Toolbox TOP Server: Versions v6.14.263.0 and prior
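
An added example (not part of the advisory or of any vendor tooling) that checks an asset inventory against the affected-version list above. The function names and the inventory rows are constructed for illustration, and the comparison assumes a bound such as "v6.14 and prior" covers every build in that release line.

```python
import re

# Upper bounds copied from section 3.1; None means all versions are affected.
AFFECTED = {
    "KEPServerEX": "6.14.263.0",
    "ThingWorx Kepware Server": "6.14.263.0",
    "ThingWorx Industrial Connectivity": None,
    "OPC-Aggregator": "6.14",
    "ThingWorx Kepware Edge": "1.7",
    "Rockwell Automation KEPServer Enterprise": "6.14.263.0",
    "GE Digital Industrial Gateway Server": "7.614",
    "Software Toolbox TOP Server": "6.14.263.0",
}
_BY_NAME = {name.lower(): bound for name, bound in AFFECTED.items()}

def parse_version(text):
    """Turn 'v6.14.263.0' or '6.14' into a tuple of integers."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if match is None:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def assess(product, version):
    """Return 'affected', 'not-affected', 'review' or 'not-listed'."""
    key = product.strip().lower()
    if key not in _BY_NAME:
        return "not-listed"
    bound = _BY_NAME[key]
    if bound is None:
        return "affected"
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"  # odd version string: a human should look at the host
    limit = parse_version(bound)
    # Assumption: compare at the precision of the published bound, so that
    # 6.14.263.0 still counts as "v6.14 and prior" and 6.14 pads to 6.14.0.0.
    installed = (installed + (0,) * len(limit))[:len(limit)]
    return "affected" if installed <= limit else "not-affected"

# Constructed inventory rows: (host, product, installed version).
INVENTORY = [
    ("hmi-gw-01", "KEPServerEX", "v6.14.263.0"),
    ("hmi-gw-02", "KEPServerEX", "6.15.0.0"),
    ("opc-agg-01", "OPC-Aggregator", "6.14.263.0"),
    ("edge-07", "ThingWorx Kepware Edge", "unknown"),
]

def triage(inventory):
    """Pair each host with its verdict."""
    return [(host, assess(product, version)) for host, product, version in inventory]
```

Hosts that come back as `review` or `not-listed` still need a manual check, since the list above names rebranded builds from several vendors.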

3.2 VULNERABILITY OVERVIEW

3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.

CVE-2023-5908 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

3.2.2 IMPROPER VALIDATION OF CERTIFICATE WITH HOST MISMATCH CWE-297

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories