The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGe Digital Industrial Gateway Server
APPGe≤ 7.612Ptc Kepware Server
APPPtc≤ 6.12Ptc Kepware Serverex
APPPtc≤ 6.12Ptc Thingworx Edge C Sdk
APPPtc≤ 2.2.12.1052Ptc Thingworx Edge Microserver
APPPtc≤ 5.4.10.0Ptc Thingworx Industrial Connectivity
APPPtcwszystkie wersjePtc Thingworx Kepware Edge
APPPtc≤ 1.5Ptc Thingworx .net Sdk
APPPtc≤ 5.8.4.971Rockwellautomation Kepserver Enterprise
APPRockwellautomation≤ 6.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Powiązane podatności
CVE-2023-5908CRITICAL9.1PL ✓ten sam produkt
Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych
CVE-2022-2848CRITICAL9.1ten sam produkt
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
CVE-2022-2825CRITICAL9.8ten sam produkt
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
CVE-2023-0754CRITICAL9.8ten sam produkt
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to ...
CVE-2020-27267CRITICAL9.1ten sam produkt
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versi...