Lucene search

[email protected]CVE-2023-0755

HistoryFeb 23, 2023 - 10:15 p.m.

CVE-2023-0755

2023-02-2322:15:11

CWE-129

[email protected]

web.nvd.nist.gov

cve-2023-0755

vulnerability

array index

validation

crash

server

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.1%

JSON

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.

CPENameOperatorVersion
ge:digital_industrial_gateway_serverge digital industrial gateway serverle7.612
ptc:kepware_serverptc kepware serverle6.12
ptc:kepware_serverexptc kepware serverexle6.12
ptc:thingworx_.net-sdkptc thingworx .net-sdkle5.8.4.971
ptc:thingworx_edge_c-sdkptc thingworx edge c-sdkle2.2.12.1052
ptc:thingworx_edge_microserverptc thingworx edge microserverle5.4.10.0
ptc:thingworx_industrial_connectivityptc thingworx industrial connectivityeq-
ptc:thingworx_kepware_edgeptc thingworx kepware edgele1.5
ptc:thingworx_kepware_edgeptc thingworx kepware edgeeq1.4
rockwellautomation:kepserver_enterpriserockwellautomation kepserver enterprisele6.12

CPE	Name	Operator	Version
ge:digital_industrial_gateway_server	ge digital industrial gateway server	le	7.612
ptc:kepware_server	ptc kepware server	le	6.12
ptc:kepware_serverex	ptc kepware serverex	le	6.12
ptc:thingworx_.net-sdk	ptc thingworx .net-sdk	le	5.8.4.971
ptc:thingworx_edge_c-sdk	ptc thingworx edge c-sdk	le	2.2.12.1052
ptc:thingworx_edge_microserver	ptc thingworx edge microserver	le	5.4.10.0
ptc:thingworx_industrial_connectivity	ptc thingworx industrial connectivity	eq	-
ptc:thingworx_kepware_edge	ptc thingworx kepware edge	le	1.5
ptc:thingworx_kepware_edge	ptc thingworx kepware edge	eq	1.4
rockwellautomation:kepserver_enterprise	rockwellautomation kepserver enterprise	le	6.12

Rows per page:

1-10 of 131

References

www.cisa.gov/uscert/ics/advisories/icsa-23-054-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for CVE-2023-0755

prion1 srcincite1 cvelist1 ics1