Lucene search
HistoryFeb 23, 2023 - 10:15 p.m.
CVE-2023-0755
cve-2023-0755
vulnerability
array index
validation
crash
server
remote code execution
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.5%
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
Affected configurations
Node
gedigital_industrial_gateway_serverRangeā¤7.612
ORptckepware_serverRangeā¤6.12
ORptckepware_serverexRangeā¤6.12
ORptcthingworx_.net-sdkRangeā¤5.8.4.971
ORptcthingworx_edge_c-sdkRangeā¤2.2.12.1052
ORptcthingworx_edge_microserverRangeā¤5.4.10.0
ORptcthingworx_industrial_connectivityMatch-
ORptcthingworx_kepware_edgeRangeā¤1.5
ORrockwellautomationkepserver_enterpriseRangeā¤6.12
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge C-SDK",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v2.2.12.1052 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": ".NET-SDK",
"vendor": "Microsoft",
"versions": [
{
"lessThanOrEqual": "v5.8.4.971 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge MicroServer (EMS)",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v5.4.10.0 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server ",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All Versions "
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise ",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "v6.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital Industrial Gateway Server ",
"vendor": "General Electric ",
"versions": [
{
"lessThanOrEqual": "v7.612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
srcincite
srcincite
cvelist
cvelist
CVE-2023-0755
2023-02-23 21:23:19
nvd
nvd
CVE-2023-0755
2023-02-23 22:15:11
prion
prion
Input validation
2023-02-23 22:15:00
ics
ics
PTC ThingWorx Edge
2023-02-23 12:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.5%
Related for CVE-2023-0755