CVE-2023-0754

Summary

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
PTCThingWorx Edge C-SDK0 <= v2.2.12.1052affected
Microsoft.NET-SDK0 <= v5.8.4.971affected
PTCThingWorx Edge MicroServer (EMS)0 <= v5.4.10.0affected
PTCKepware KEPServerEX0 <= v6.12affected
PTCThingWorx Kepware Server0 <= v6.12affected
PTCThingWorx Industrial ConnectivityAll Versionsaffected
PTCThingWorx Kepware Edge0 <= v1.5affected
Rockwell AutomationKEPServer Enterprise0 <= v6.12affected
General ElectricDigital Industrial Gateway Server0 <= v7.612affected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References