Vulnerability Description
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Digital Industrial Gateway Server | <= 7.612 |
| Ptc | Kepware Server | <= 6.12 |
| Ptc | Kepware Serverex | <= 6.12 |
| Ptc | Thingworx .Net-Sdk | <= 5.8.4.971 |
| Ptc | Thingworx Edge C-Sdk | <= 2.2.12.1052 |
| Ptc | Thingworx Edge Microserver | <= 5.4.10.0 |
| Ptc | Thingworx Industrial Connectivity | All versions |
| Ptc | Thingworx Kepware Edge | <= 1.5 |
| Rockwellautomation | Kepserver Enterprise | <= 6.12 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-0754?
CVE-2023-0754 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.
How severe is CVE-2023-0754?
CVE-2023-0754 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-0754?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Digital Industrial Gateway Server, Ptc Kepware Server, Ptc Kepware Serverex, Ptc Thingworx .Net-Sdk, Ptc Thingworx Edge C-Sdk.