CVE-2023-5908
Heap Based Buffer Overflow in PTC KEPServerEx
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
KEPServerEX es vulnerable a un desbordamiento del búfer que puede permitir que un atacante bloquee el producto al que se accede o filtre información.
*Credits:
Shawn Hoffman
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-01 CVE Reserved
- 2023-11-30 CVE Published
- 2023-12-07 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ge Search vendor "Ge" | Industrial Gateway Server Search vendor "Ge" for product "Industrial Gateway Server" | <= 7.614 Search vendor "Ge" for product "Industrial Gateway Server" and version " <= 7.614" | - |
Affected
| ||||||
| Ptc Search vendor "Ptc" | Keepserverex Search vendor "Ptc" for product "Keepserverex" | <= 6.14.263.0 Search vendor "Ptc" for product "Keepserverex" and version " <= 6.14.263.0" | - |
Affected
| ||||||
| Ptc Search vendor "Ptc" | Opc-aggregator Search vendor "Ptc" for product "Opc-aggregator" | <= 6.14 Search vendor "Ptc" for product "Opc-aggregator" and version " <= 6.14" | - |
Affected
| ||||||
| Ptc Search vendor "Ptc" | Thingworx Industrial Connectivity Search vendor "Ptc" for product "Thingworx Industrial Connectivity" | - | - |
Affected
| ||||||
| Ptc Search vendor "Ptc" | Thingworx Kepware Edge Search vendor "Ptc" for product "Thingworx Kepware Edge" | <= 1.7 Search vendor "Ptc" for product "Thingworx Kepware Edge" and version " <= 1.7" | - |
Affected
| ||||||
| Ptc Search vendor "Ptc" | Thingworx Kepware Server Search vendor "Ptc" for product "Thingworx Kepware Server" | <= 6.14.263.0 Search vendor "Ptc" for product "Thingworx Kepware Server" and version " <= 6.14.263.0" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | Kepserver Enterprise Search vendor "Rockwellautomation" for product "Kepserver Enterprise" | <= 6.14.263.0 Search vendor "Rockwellautomation" for product "Kepserver Enterprise" and version " <= 6.14.263.0" | - |
Affected
| ||||||
| Softwaretoolbox Search vendor "Softwaretoolbox" | Top Server Search vendor "Softwaretoolbox" for product "Top Server" | <= 6.14.263.0 Search vendor "Softwaretoolbox" for product "Top Server" and version " <= 6.14.263.0" | - |
Affected
| ||||||