HIGH🇵🇱 Wersja polska

CVE-2023-5909

CVSS 7.5v3.1pub. 2023-11-30upd. 2024-11-21

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Ge Industrial Gateway Server

    APP
    Ge
    ≤ 7.614
  • Ptc Keepserverex

    APP
    Ptc
    ≤ 6.14.263.0
  • Ptc Opc Aggregator

    APP
    Ptc
    ≤ 6.14
  • Ptc Thingworx Industrial Connectivity

    APP
    Ptc
    wszystkie wersje
  • Ptc Thingworx Kepware Edge

    APP
    Ptc
    ≤ 1.7
  • Ptc Thingworx Kepware Server

    APP
    Ptc
    ≤ 6.14.263.0
  • Rockwellautomation Kepserver Enterprise

    APP
    Rockwellautomation
    ≤ 6.14.263.0
  • Softwaretoolbox Top Server

    APP
    Softwaretoolbox
    ≤ 6.14.263.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5908CRITICAL9.1PL ✓ten sam produkt

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych

CVE-2022-2825CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2022-2848CRITICAL9.1ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2023-0755CRITICAL9.8ten sam produkt

The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...

CVE-2023-0754CRITICAL9.8ten sam produkt

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to ...