CVE-2023-0754 (GCVE-0-2023-0754)
Vulnerability from cvelistv5
Published
2023-02-23 21:27
Modified
2025-01-16 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
The affected products are vulnerable to an integer
overflow or wraparound, which could allow an attacker to crash the server and remotely
execute arbitrary code.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | PTC | ThingWorx Edge C-SDK |
Version: 0 < |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:59:05.493845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:55:46.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge C-SDK",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v2.2.12.1052 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": ".NET-SDK",
"vendor": "Microsoft",
"versions": [
{
"lessThanOrEqual": "v5.8.4.971 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge MicroServer (EMS)",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v5.4.10.0 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server ",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All Versions "
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise ",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "v6.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital Industrial Gateway Server ",
"vendor": "General Electric ",
"versions": [
{
"lessThanOrEqual": "v7.612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe affected products are vulnerable to an integer\noverflow or wraparound, which could \u0026nbsp;allow an attacker to crash the server and remotely\nexecute arbitrary code.\u003c/p\u003e\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\nThe affected products are vulnerable to an integer\noverflow or wraparound, which could \u00a0allow an attacker to crash the server and remotely\nexecute arbitrary code.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T21:27:09.964Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePTC has released the following resolutions:\u003c/p\u003e\n\n\u003cp\u003eUpdate the impacted product to the latest version:\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Edge C-SDK: 3.0.0 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\n.NET-SDK: v5.8.5 or later.\u003c/p\u003e\n\n\u003cp\u003eFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is \u003cb\u003enot\u003c/b\u003e enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nKepware KEPServerEX: v6.13 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Kepware Edge: v1.6 or later.\u003c/p\u003e\n\n\u003cp\u003eThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\u003c/p\u003e\n\n\u003cp\u003eFor\nmore information see PTC\u2019s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS385715\"\u003eCustomer Support Article\n\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "PTC has released the following resolutions:\n\n\n\nUpdate the impacted product to the latest version:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge C-SDK: 3.0.0 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\n.NET-SDK: v5.8.5 or later.\n\n\n\nFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is not enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nKepware KEPServerEX: v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Edge: v1.6 or later.\n\n\n\nThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\n\n\n\nFor\nmore information see PTC\u2019s Customer Support Article\n.\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0754",
"datePublished": "2023-02-23T21:27:09.964Z",
"dateReserved": "2023-02-08T20:15:58.394Z",
"dateUpdated": "2025-01-16T21:55:46.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-0754\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-02-23T22:15:11.333\",\"lastModified\":\"2024-11-21T07:37:45.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nThe affected products are vulnerable to an integer\\noverflow or wraparound, which could \u00a0allow an attacker to crash the server and remotely\\nexecute arbitrary code.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.612\",\"matchCriteriaId\":\"B4D9E061-4E5C-4390-916D-8AABE3523E16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.12\",\"matchCriteriaId\":\"A50F0395-983A-4261-9FE3-40762E5EC02F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.12\",\"matchCriteriaId\":\"F7C3EDBB-FEB2-4BE7-A379-AF07F1BCD46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.8.4.971\",\"matchCriteriaId\":\"63EBD473-C1FD-4B90-BEB9-38488F6EC8A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.12.1052\",\"matchCriteriaId\":\"7D82325D-070B-462B-B92F-34CC047D3340\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.4.10.0\",\"matchCriteriaId\":\"E860B82D-355A-4AB3-AA93-6B1D15A1B2D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47A370A2-4847-4702-AC73-03A2B62C49C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5\",\"matchCriteriaId\":\"C16730F8-C263-478B-B286-9831FFF5A409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.12\",\"matchCriteriaId\":\"E5A51513-026A-43DA-9CB6-D5B68819CA47\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:24:34.053Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0754\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-16T20:59:05.493845Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-16T20:59:06.949Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PTC\", \"product\": \"ThingWorx Edge C-SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v2.2.12.1052 \"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Microsoft\", \"product\": \".NET-SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v5.8.4.971 \"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Edge MicroServer (EMS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v5.4.10.0 \"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"Kepware KEPServerEX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v6.12 \"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Kepware Server \", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v6.12 \"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Industrial Connectivity\", \"versions\": [{\"status\": \"affected\", \"version\": \"All Versions \"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Kepware Edge\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v1.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Rockwell Automation \", \"product\": \"KEPServer Enterprise \", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v6.12\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"General Electric \", \"product\": \"Digital Industrial Gateway Server \", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v7.612\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"PTC has released the following resolutions:\\n\\n\\n\\nUpdate the impacted product to the latest version:\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nThingWorx Edge C-SDK: 3.0.0 or later.\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nThingWorx Edge MicroServer (EMS): v5.4.11 or\\nlater.\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\n.NET-SDK: v5.8.5 or later.\\n\\n\\n\\nFor Kepware products, the vulnerability is mitigated if the\\nThingWorx Interface is not enabled. To use the ThingWorx Interface\\nwithout the vulnerability, update to the latest version of the product:\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nKepware KEPServerEX: v6.13 or later.\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nThingWorx Kepware Server (formerly ThingWorx\\nIndustrial Connectivity): v6.13 or later.\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nThingWorx Kepware Edge: v1.6 or later.\\n\\n\\n\\nThe following products should be upgraded as indicated or in\\naccordance with the applicable organization\\u2019s recommendations if the ThingWorx\\nInterface is in use: \\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nRockwell Automation KEPServer Enterprise: v6.13\\nor later.\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nGE Digital Industrial Gateway Server: v7.613 or\\nlater.\\n\\n\\n\\nFor\\nmore information see PTC\\u2019s Customer Support Article\\n.\\n\\n\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003ePTC has released the following resolutions:\u003c/p\u003e\\n\\n\u003cp\u003eUpdate the impacted product to the latest version:\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nThingWorx Edge C-SDK: 3.0.0 or later.\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nThingWorx Edge MicroServer (EMS): v5.4.11 or\\nlater.\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\n.NET-SDK: v5.8.5 or later.\u003c/p\u003e\\n\\n\u003cp\u003eFor Kepware products, the vulnerability is mitigated if the\\nThingWorx Interface is \u003cb\u003enot\u003c/b\u003e enabled. To use the ThingWorx Interface\\nwithout the vulnerability, update to the latest version of the product:\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nKepware KEPServerEX: v6.13 or later.\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nThingWorx Kepware Server (formerly ThingWorx\\nIndustrial Connectivity): v6.13 or later.\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nThingWorx Kepware Edge: v1.6 or later.\u003c/p\u003e\\n\\n\u003cp\u003eThe following products should be upgraded as indicated or in\\naccordance with the applicable organization\\u2019s recommendations if the ThingWorx\\nInterface is in use: \u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nRockwell Automation KEPServer Enterprise: v6.13\\nor later.\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nGE Digital Industrial Gateway Server: v7.613 or\\nlater.\u003c/p\u003e\\n\\n\u003cp\u003eFor\\nmore information see PTC\\u2019s \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ptc.com/en/support/article/CS385715\\\"\u003eCustomer Support Article\\n\u003c/a\u003e.\u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nThe affected products are vulnerable to an integer\\noverflow or wraparound, which could \\u00a0allow an attacker to crash the server and remotely\\nexecute arbitrary code.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe affected products are vulnerable to an integer\\noverflow or wraparound, which could \u0026nbsp;allow an attacker to crash the server and remotely\\nexecute arbitrary code.\u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cp\u003e\u003c/p\u003e\\n\\n\\n\\n\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-02-23T21:27:09.964Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-0754\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-16T21:55:46.607Z\", \"dateReserved\": \"2023-02-08T20:15:58.394Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2023-02-23T21:27:09.964Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…