Lucene search
HistoryFeb 23, 2023 - 10:15 p.m.
CVE-2023-0755
vulnerable product
remote code execution
improper validation
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.4%
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
Affected configurations
Node
gedigital_industrial_gateway_serverRange≤7.612
ORptckepware_serverRange≤6.12
ORptckepware_serverexRange≤6.12
ORptcthingworx_.net-sdkRange≤5.8.4.971
ORptcthingworx_edge_c-sdkRange≤2.2.12.1052
ORptcthingworx_edge_microserverRange≤5.4.10.0
ORptcthingworx_industrial_connectivityMatch-
ORptcthingworx_kepware_edgeRange≤1.5
ORrockwellautomationkepserver_enterpriseRange≤6.12
Related
prion
prion
Input validation
2023-02-23 22:15:00
srcincite
srcincite
cve
cve
CVE-2023-0755
2023-02-23 22:15:11
cvelist
cvelist
CVE-2023-0755
2023-02-23 21:23:19
ics
ics
PTC ThingWorx Edge
2023-02-23 12:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.4%
Related for NVD:CVE-2023-0755