CVE-2023-0755
 
- Severity Score: 9.8 (CVSS v3.1)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Attend (SSVC)
Descriptions
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
*Credits:
Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA.
SSVC
- Decision: Attend
Timeline
- 2023-02-08 CVE Reserved
- 2023-02-23 CVE Published
- 2024-12-17 EPSS Updated
- 2025-01-16 CVE Updated
CWE
- CWE-129: Improper Validation of Array Index
References (1)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ge | Digital Industrial Gateway Server | <= 7.612 | - | Affected |
Ptc | Kepware Server | <= 6.12 | - | Affected |
Ptc | Kepware Serverex | <= 6.12 | - | Affected |
Ptc | Thingworx .net-sdk | <= 5.8.4.971 | - | Affected |
Ptc | Thingworx Edge C-sdk | <= 2.2.12.1052 | - | Affected |
Ptc | Thingworx Edge Microserver | <= 5.4.10.0 | - | Affected |
Ptc | Thingworx Industrial Connectivity | - | - | Affected |
Ptc | Thingworx Kepware Edge | <= 1.5 | - | Affected |
Rockwellautomation | Kepserver Enterprise | <= 6.12 | - | Affected |