CVE-2023-5909

EPSS 0.08%
Veröffentlicht 30.11.2023 22:15:10
Zuletzt bearbeitet 21.11.2024 08:42:45
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx









KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 8 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ge ≫ Industrial Gateway Server Version <= 7.614

Ptc ≫ Keepserverex Version <= 6.14.263.0

Ptc ≫ Opc-aggregator Version <= 6.14

Ptc ≫ Thingworx Industrial Connectivity Version-

Ptc ≫ Thingworx Kepware Edge Version <= 1.7

Ptc ≫ Thingworx Kepware Server Version <= 6.14.263.0

Rockwellautomation ≫ Kepserver Enterprise Version <= 6.14.263.0

Softwaretoolbox ≫ Top Server Version <= 6.14.263.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.233

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-5909

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5909

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5909

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-5909