Lucene search
K

96 matches found

Cvelist
Cvelist
added 2024/01/10 8:21 p.m.26 views

CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS5AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/10 8:17 p.m.35 views

CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...

7.8CVSS7.8AI score0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 5:6 p.m.8 views

CVE-2023-29444 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...

6.3CVSS7.6AI score0.00171EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.7 views

The software vulnerabilities of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server allow attackers to execute arbitrary code or cause service failures.

The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the execution of operations outside the buffer in memory. Exploiting these...

10CVSS8.6AI score0.10062EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.6 views

The software of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server is vulnerable, allowing a attacker to cause service failures.

The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the use of memory after it is freed. Exploiting these vulnerabilities can...

7.8CVSS7.8AI score0.04941EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/12/14 12:0 a.m.12 views

The vulnerabilities of the OPC-server software products such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are related to errors in the certificate validation process. These vulnerabilities allow attackers to bypass the certificate validation checks.

The vulnerabilities of the OPC-server software products such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are...

7.8CVSS7.2AI score0.00442EPSS
Exploits0References2Affected Software7
BDU FSTEC
BDU FSTEC
added 2023/12/11 12:0 a.m.7 views

The vulnerabilities of the OPC-server software programs such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are related to the possibility of buffer overflows in dynamic memory. This allows attackers to access protected information or cause service failures.

The vulnerabilities of the OPC-server software products such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are...

9.4CVSS8AI score0.00962EPSS
Exploits0References2Affected Software7
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.9 views

The vulnerability of Kepware KEPServerEX and ThingWorkx Kepware Server software lies in the uncontrolled element of the search path, allowing a attacker to replace the installer with an arbitrary DLL library.

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a attacker to replace the installer with a program that uses arbitrary DLL libraries...

6.3CVSS7.3AI score0.00171EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.10 views

The vulnerability of Kepware KEPServerEX and Kepware Server’s software lies in the insufficient protection of registration data, allowing attackers to carry out “man-in-the-middle” attacks.

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...

6.1CVSS5.9AI score0.00306EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.8 views

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, related to an uncontrolled element in the search process, allows a hacker to increase privileges within the system and load any desired DLL library.

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to increase their privileges within the system and load any desired DLL libraries...

6.3CVSS7.2AI score0.00217EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.8 views

The vulnerability of Kepware OPC-server software from Kepware KEPServerEX and ThingWorkx Kepware Server lies in the insufficient validation of input data, allowing attackers to access confidential information.

The vulnerability of the OPC-server software from Kepware, KEPServerEX, and ThingWorkx Kepware Server, lies in insufficient validation of input data. Exploiting this vulnerability can allow attackers to access confidential information by loading any arbitrary project file...

4.7CVSS5.6AI score0.00214EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.4 views

PTC Kepware KEPServerEX Security Vulnerability

PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KepServerEX 6.14.263.0 and prior versions, which originates from a locally authenticated attacker who can escalate privileges to administrator by...

7.8CVSS6.8AI score0.00217EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.4 views

PTC Kepware KEPServerEX Security Vulnerability

PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and prior versions, which stems from the Web server's use of basic authentication to protect user credentials, and can be...

5.7CVSS7.1AI score0.00306EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.5 views

PTC Kepware KEPServerEX Security Vulnerability

PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and earlier versions, which stems from the vulnerability of KEPServerEX's installer to DLL search order hijacking, which could...

7.3CVSS7.4AI score0.00171EPSS
Exploits0References4
ICS
ICS
added 2023/08/31 6:0 a.m.158 views

PTC Kepware KepServerEX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...

7.8CVSS7.1AI score0.00306EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.4 views

PT-2023-5235 · Kepware +1 · Kepserverex +1

Name of the Vulnerable Software and Affected Versions: KEPServerEX versions affected versions not specified ThingWorx Kepware Server versions affected versions not specified Description: The issue is related to an uncontrolled search path element vulnerability, also known as DLL hijacking. This...

7.3CVSS7.2AI score0.00171EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.4 views

PT-2023-5234 · Kepware +1 · Kepserverex +1

Name of the Vulnerable Software and Affected Versions: KEPServerEX versions affected versions not specified ThingWorx Kepware Server versions affected versions not specified Description: The issue is related to an uncontrolled search path element, which could allow a locally authenticated adversa...

7.8CVSS7.4AI score0.00217EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.7 views

PTC Kepware KEPServerEX 缓冲区错误漏洞

PTC Kepware KEPServerEX is an industrial automation data connectivity solution u200bu200b from PTC Corporation. A buffer error vulnerability exists in PTC Kepware KEPServerEX versions 6.0 through 6.14.263, which stems from the vulnerability of being easily forced to read recursively defined...

7.5CVSS7.5AI score0.0077EPSS
Exploits0References2
OSV
OSV
added 2023/03/29 7:15 p.m.5 views

CVE-2022-2848

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...

9.1CVSS6.2AI score0.03366EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.38 views

CVE-2022-2848

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...

9.1CVSS9.5AI score0.03366EPSS
Exploits0References2
Rows per page
Query Builder