KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NGe Industrial Gateway Server
APPGe≤ 7.614Ptc Keepserverex
APPPtc≤ 6.14.263.0Ptc Opc Aggregator
APPPtc≤ 6.14Ptc Thingworx Industrial Connectivity
APPPtcwszystkie wersjePtc Thingworx Kepware Edge
APPPtc≤ 1.7Ptc Thingworx Kepware Server
APPPtc≤ 6.14.263.0Rockwellautomation Kepserver Enterprise
APPRockwellautomation≤ 6.14.263.0Softwaretoolbox Top Server
APPSoftwaretoolbox≤ 6.14.263.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-5908CRITICAL9.1PL ✓ten sam produkt
Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych
CVE-2022-2825CRITICAL9.8ten sam produkt
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
CVE-2022-2848CRITICAL9.1ten sam produkt
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
CVE-2023-0755CRITICAL9.8ten sam produkt
The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...
CVE-2023-0754CRITICAL9.8ten sam produkt
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to ...