// For flags

CVE-2023-0754

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The affected products are vulnerable to an integer
overflow or wraparound, which could  allow an attacker to crash the server and remotely
execute arbitrary code.

*Credits: Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-02-08 CVE Reserved
  • 2023-02-23 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-09-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ge
Search vendor "Ge"
Digital Industrial Gateway Server
Search vendor "Ge" for product "Digital Industrial Gateway Server"
<= 7.612
Search vendor "Ge" for product "Digital Industrial Gateway Server" and version " <= 7.612"
-
Affected
Ptc
Search vendor "Ptc"
Kepware Server
Search vendor "Ptc" for product "Kepware Server"
<= 6.12
Search vendor "Ptc" for product "Kepware Server" and version " <= 6.12"
-
Affected
Ptc
Search vendor "Ptc"
Kepware Serverex
Search vendor "Ptc" for product "Kepware Serverex"
<= 6.12
Search vendor "Ptc" for product "Kepware Serverex" and version " <= 6.12"
-
Affected
Ptc
Search vendor "Ptc"
Thingworx .net-sdk
Search vendor "Ptc" for product "Thingworx .net-sdk"
<= 5.8.4.971
Search vendor "Ptc" for product "Thingworx .net-sdk" and version " <= 5.8.4.971"
-
Affected
Ptc
Search vendor "Ptc"
Thingworx Edge C-sdk
Search vendor "Ptc" for product "Thingworx Edge C-sdk"
<= 2.2.12.1052
Search vendor "Ptc" for product "Thingworx Edge C-sdk" and version " <= 2.2.12.1052"
-
Affected
Ptc
Search vendor "Ptc"
Thingworx Edge Microserver
Search vendor "Ptc" for product "Thingworx Edge Microserver"
<= 5.4.10.0
Search vendor "Ptc" for product "Thingworx Edge Microserver" and version " <= 5.4.10.0"
-
Affected
Ptc
Search vendor "Ptc"
Thingworx Industrial Connectivity
Search vendor "Ptc" for product "Thingworx Industrial Connectivity"
*-
Affected
Ptc
Search vendor "Ptc"
Thingworx Kepware Edge
Search vendor "Ptc" for product "Thingworx Kepware Edge"
<= 1.5
Search vendor "Ptc" for product "Thingworx Kepware Edge" and version " <= 1.5"
-
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
Kepserver Enterprise
Search vendor "Rockwellautomation" for product "Kepserver Enterprise"
<= 6.12
Search vendor "Rockwellautomation" for product "Kepserver Enterprise" and version " <= 6.12"
-
Affected