Lucene search
K

108 matches found

Vulnrichment
Vulnrichment
added 2024/01/10 8:24 p.m.3 views

CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7CVSS7.1AI score0.00306EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/10 8:21 p.m.26 views

CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS5AI score0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 8:21 p.m.18 views

CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS7AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/10 8:17 p.m.35 views

CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...

7.8CVSS7.8AI score0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 8:17 p.m.2 views

CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...

7.8CVSS7.2AI score0.00217EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.6 views

The software vulnerabilities of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server allow attackers to execute arbitrary code or cause service failures.

The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the execution of operations outside the buffer in memory. Exploiting these...

10CVSS8.6AI score0.10062EPSS
Exploits0References3Affected Software4
NVD
NVD
added 2023/11/30 10:15 p.m.28 views

CVE-2023-5909

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...

7.5CVSS0.00442EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 10:15 p.m.4 views

CVE-2023-5908

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...

9.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2023/11/30 10:15 p.m.36 views

CVE-2023-5908

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...

9.1CVSS0.00962EPSS
Exploits0References1
Prion
Prion
added 2023/11/30 10:15 p.m.19 views

Buffer overflow

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...

6.4CVSS7.5AI score0.00962EPSS
Exploits0References1Affected Software7
Prion
Prion
added 2023/11/30 10:15 p.m.24 views

Code injection

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...

5CVSS7.2AI score0.00442EPSS
Exploits0References1Affected Software7
CVE
CVE
added 2023/11/30 10:5 p.m.55 views

CVE-2023-5909

CVE-2023-5909 (part of the CTR/KEPServerEX issue set) concerns improper validation of client certificates with host mismatch in PTC’s KEPServerEX ecosystem. Affected products include KEPServerEX and related Kepware/ThingWorx components, with versions up to 6.14.263.0 and prior. The root cause is ...

7.5CVSS7.7AI score0.00442EPSS
Exploits0References1Affected Software8
Vulnrichment
Vulnrichment
added 2023/11/30 10:5 p.m.2 views

CVE-2023-5909 Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...

7.5CVSS5.3AI score0.00442EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 10:3 p.m.38 views

CVE-2023-5908 Heap Based Buffer Overflow in PTC KEPServerEx

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...

9.1CVSS9.5AI score0.00962EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 10:3 p.m.67 views

CVE-2023-5908

CVE-2023-5908 affects PTC Kepware’s KEPServerEX (and related Kepware products) with a heap-based buffer overflow vulnerability. Affected versions include KEPServerEX v6.14.263.0 and older. The issue could allow an attacker to crash the target or leak information on a network without authenticatio...

9.1CVSS9.4AI score0.00962EPSS
Exploits0References1Affected Software8
CISA
CISA
added 2023/11/30 12:0 p.m.7 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on November 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-334-01 Delta Electronics DOPSoft ICSA-23-334-02 Yokogawa STARDOM ICSA-23-334-03 PTC...

7.1AI score
Exploits0References4
ICS
ICS
added 2023/11/30 7:0 a.m.55 views

PTC KEPServerEx

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities : Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful...

9.1CVSS9AI score0.00962EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.35 views

PTC KEPServerEX Trust Management Issue Vulnerability

PTC KEPserverEX is a connectivity platform from PTC. Users can connect, manage, monitor and control a variety of automation devices and software applications through an intuitive user interface. A security vulnerability exists in PTC KEPServerEX version v6.14.263.0 and prior versions, which stems...

7.5CVSS6.7AI score0.00442EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.41 views

PTC KEPserverEX Security Vulnerability

PTC KEPserverEX is a connectivity platform from PTC. Users can connect, manage, monitor and control a variety of automation devices and software applications through an intuitive user interface. A security vulnerability exists in PTC KEPserverEX version v6.14.263.0 and prior versions. An attacker...

9.1CVSS6.7AI score0.00962EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.7 views

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, related to an uncontrolled element in the search process, allows a hacker to increase privileges within the system and load any desired DLL library.

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to increase their privileges within the system and load any desired DLL libraries...

6.3CVSS7.2AI score0.00217EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder