108 matches found
CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...
CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...
The software vulnerabilities of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server allow attackers to execute arbitrary code or cause service failures.
The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the execution of operations outside the buffer in memory. Exploiting these...
CVE-2023-5909
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...
CVE-2023-5908
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...
CVE-2023-5908
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...
Buffer overflow
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...
Code injection
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...
CVE-2023-5909
CVE-2023-5909 (part of the CTR/KEPServerEX issue set) concerns improper validation of client certificates with host mismatch in PTC’s KEPServerEX ecosystem. Affected products include KEPServerEX and related Kepware/ThingWorx components, with versions up to 6.14.263.0 and prior. The root cause is ...
CVE-2023-5909 Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...
CVE-2023-5908 Heap Based Buffer Overflow in PTC KEPServerEx
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information...
CVE-2023-5908
CVE-2023-5908 affects PTC Kepware’s KEPServerEX (and related Kepware products) with a heap-based buffer overflow vulnerability. Affected versions include KEPServerEX v6.14.263.0 and older. The issue could allow an attacker to crash the target or leak information on a network without authenticatio...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on November 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-334-01 Delta Electronics DOPSoft ICSA-23-334-02 Yokogawa STARDOM ICSA-23-334-03 PTC...
PTC KEPServerEx
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities : Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful...
PTC KEPServerEX Trust Management Issue Vulnerability
PTC KEPserverEX is a connectivity platform from PTC. Users can connect, manage, monitor and control a variety of automation devices and software applications through an intuitive user interface. A security vulnerability exists in PTC KEPServerEX version v6.14.263.0 and prior versions, which stems...
PTC KEPserverEX Security Vulnerability
PTC KEPserverEX is a connectivity platform from PTC. Users can connect, manage, monitor and control a variety of automation devices and software applications through an intuitive user interface. A security vulnerability exists in PTC KEPserverEX version v6.14.263.0 and prior versions. An attacker...
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, related to an uncontrolled element in the search process, allows a hacker to increase privileges within the system and load any desired DLL library.
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to increase their privileges within the system and load any desired DLL libraries...