Vulnerability Description
KEPServerEX does not properly validate certificates from clients, which may allow unauthenticated users to connect.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GE | Industrial Gateway Server | <= 7.614 |
| PTC | KEPServerEX | <= 6.14.263.0 |
| PTC | OPC-Aggregator | <= 6.14 |
| PTC | ThingWorx Industrial Connectivity | - |
| PTC | ThingWorx Kepware Edge | <= 1.7 |
| PTC | ThingWorx Kepware Server | <= 6.14.263.0 |
| Rockwell Automation | KEPServer Enterprise | <= 6.14.263.0 |
| Software Toolbox | TOP Server | <= 6.14.263.0 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2023-5909?
CVE-2023-5909 is a vulnerability with a CVSS score of 7.5 (HIGH). KEPServerEX does not properly validate certificates from clients, which may allow unauthenticated users to connect.
How severe is CVE-2023-5909?
CVE-2023-5909 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5909?
Check the references section above for vendor advisories and patch information. Affected products include: GE Industrial Gateway Server, PTC KEPServerEX, PTC OPC-Aggregator, PTC ThingWorx Industrial Connectivity, PTC ThingWorx Kepware Edge.