CVE-2023-5909

Summary

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

Affected Software

VendorProductVersion RangeStatus
PTCKEPServerEX0 <= 6.14.263.0affected
PTCThingWorx Kepware Server0 <= 6.14.263.0affected
PTCThingWorx Industrial ConnectivityAll versionsaffected
PTCOPC-Aggregator0 <= 6.14affected
PTCThingWorx Kepware Edge0 <= 1.7affected
Rockwell AutomationKEPServer Enterprise0 <= 6.14.263.0affected
GE GigitalIndustrial Gateway Server0 <= 7.614affected
Software ToolboxTOP Server0 <= 6.14.263.0affected

Weaknesses

  • CWE-297: CWE-297 Improper Validation of Certificate with Host Mismatch

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References