CVE-2023-5909

🗓️ 30 Nov 2023 22:05:59Reported by icscertType

KEPServerEX certificate validation vulnerability

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2023-5909	21 Dec 202310:12	–	circl
CNNVD	PTC KEPServerEX Trust Management Issue Vulnerability	30 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-5909 Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx	30 Nov 202322:05	–	cvelist
EUVD	EUVD-2023-58182	3 Oct 202520:07	–	euvd
ICS	PTC KEPServerEx	30 Nov 202307:00	–	ics
NVD	CVE-2023-5909	30 Nov 202322:15	–	nvd
Prion	Code injection	30 Nov 202322:15	–	prion
Vulnrichment	CVE-2023-5909 Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx	30 Nov 202322:05	–	vulnrichment

NVD

Vulners

Node

ge industrial_gateway_serverRange≤7.614

ptc keepserverexRange≤6.14.263.0

ptc opc-aggregatorRange≤6.14

ptc thingworx_industrial_connectivityMatch-

ptc thingworx_kepware_edgeRange≤1.7

ptc thingworx_kepware_serverRange≤6.14.263.0

rockwellautomation kepserver_enterpriseRange≤6.14.263.0

softwaretoolbox top_serverRange≤6.14.263.0

[
  {
    "defaultStatus": "unaffected",
    "product": "KEPServerEX",
    "vendor": "PTC",
    "versions": [
      {
        "lessThanOrEqual": "6.14.263.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ThingWorx Kepware Server",
    "vendor": "PTC",
    "versions": [
      {
        "lessThanOrEqual": "6.14.263.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ThingWorx Industrial Connectivity",
    "vendor": "PTC",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OPC-Aggregator",
    "vendor": "PTC",
    "versions": [
      {
        "lessThanOrEqual": "6.14",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ThingWorx Kepware Edge",
    "vendor": "PTC",
    "versions": [
      {
        "lessThanOrEqual": "1.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "KEPServer Enterprise",
    "vendor": "Rockwell Automation ",
    "versions": [
      {
        "lessThanOrEqual": "6.14.263.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Industrial Gateway Server",
    "vendor": "GE Gigital",
    "versions": [
      {
        "lessThanOrEqual": "7.614",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TOP Server",
    "vendor": "Software Toolbox",
    "versions": [
      {
        "lessThanOrEqual": "6.14.263.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-334-03

21 Nov 2024 08:42Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.00077

SSVC