CVE-2023-5909 – Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
https://notcve.org/view.php?id=CVE-2023-5909
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. KEPServerEX no valida adecuadamente los certificados de los clientes, lo que puede permitir que se conecten usuarios no autenticados. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVE-2023-5908 – Heap Based Buffer Overflow in PTC KEPServerEx
https://notcve.org/view.php?id=CVE-2023-5908
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. KEPServerEX es vulnerable a un desbordamiento del búfer que puede permitir que un atacante bloquee el producto al que se accede o filtre información. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •