Vulnerability Description
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
CVSS Score
5.7
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ptc | Kepware Kepserverex | >= 6.0.2107.0, <= 6.14.263.0 |
| Ptc | Thingworx Kepware Server | >= 6.8, <= 6.14.263.0 |
| Ptc | Thingworx Industrial Connectivity | >= 8.0, <= 8.5 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03Third Party AdvisoryUS Government Resource
- https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/Third Party Advisory
- https://www.ptc.com/en/support/article/cs399528Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03Third Party AdvisoryUS Government Resource
- https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/Third Party Advisory
- https://www.ptc.com/en/support/article/cs399528Vendor Advisory
FAQ
What is CVE-2023-29447?
CVE-2023-29447 is a vulnerability with a CVSS score of 5.7 (MEDIUM). An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
How severe is CVE-2023-29447?
CVE-2023-29447 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29447?
Check the references section above for vendor advisories and patch information. Affected products include: Ptc Kepware Kepserverex, Ptc Thingworx Kepware Server, Ptc Thingworx Industrial Connectivity.