1. EXECUTIVE SUMMARY
- CVSS v4 5.9
- ATTENTION: Exploitable from adjacent network.
- Vendor: PTC
- Equipment: Kepware ThingWorx Kepware Server
- Vulnerability: Allocation of Resources Without Limits or Throttling
2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the target device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
PTC reports that the following products and versions are affected:
- PTC Kepware ThingWorx Kepware Server: V6
- PTC Kepware KEPServerEX: V6
- Software Toolbox TOP Server: V6
- GE IGS: V7.6x
3.2 Vulnerability Overview
3.2.1 Allocation of Resources Without Limits or Throttling CWE-770
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.
CVE-2024-6098 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-6098. A base score of 5.9 has been calculated; the CVSS vector string is ([…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: