Design/Logic Flaw

2024-01-1021:15:00

PRIOn knowledge base

www.prio-n.com

kepserverex

credentials

vulnerability

adversary

capture

web server

basic authentication

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.3%

JSON

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.

CPENameOperatorVersion
kepware_kepserverexge6.0.2107.0
kepware_kepserverexle6.14.263.0
thingworx_industrial_connectivityge8.0
thingworx_industrial_connectivityle8.5
thingworx_kepware_serverge6.8
thingworx_kepware_serverle6.14.263.0

Name	Operator	Version
kepware_kepserverex	ge	6.0.2107.0
kepware_kepserverex	le	6.14.263.0
thingworx_industrial_connectivity	ge	8.0
thingworx_industrial_connectivity	le	8.5
thingworx_kepware_server	ge	6.8
thingworx_kepware_server	le	6.14.263.0