Vulnerability Description
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GE | Industrial Gateway Server | <= 7.614 |
| PTC | KEPServerEX | <= 6.14.263.0 |
| PTC | OPC-Aggregator | <= 6.14 |
| PTC | ThingWorx Industrial Connectivity | - |
| PTC | ThingWorx Kepware Edge | <= 1.7 |
| PTC | ThingWorx Kepware Server | <= 6.14.263.0 |
| Rockwell Automation | KEPServer Enterprise | <= 6.14.263.0 |
| Software Toolbox | TOP Server | <= 6.14.263.0 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2023-5908?
CVE-2023-5908 is a vulnerability with a CVSS score of 9.1 (CRITICAL). KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
How severe is CVE-2023-5908?
CVE-2023-5908 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-5908?
Check the references section above for vendor advisories and patch information. Affected products include: GE Industrial Gateway Server, PTC KEPServerEX, PTC OPC-Aggregator, PTC ThingWorx Industrial Connectivity, PTC ThingWorx Kepware Edge.