Article - CS385715
Security vulnerabilities identified in ThingWorx Edge C-SDK 2.2.12.1052 or lower
Modified: 31-Mar-2023
Applies To
- ThingWorx Kepware Edge 1.0 to 1.5
- ThingWorx C-SDK 2.2.12.1052 or lower
- ThingWorx Edge MicroServer (EMS) 5.4.10.0 or lower
- ThingWorx .NET-SDK 5.8.4.971 or lower
- ThingWorx Kepware Server (formerly ThingWorx Industrial Connectivity) 6.12 or lower
- Kepware KEPServerEX 6.0 to 6.12
- Rockwell Automation KEPServer Enterprise 6.10 to 6.12
- GE Digital Industrial Gateway Server 7.62 to 7.612
Description
- Impact of CVE-2023-0754 and CVE-2023-0755 on the ThingWorx Edge C-SDK
- What PTC products are impacted by CVE-2023-0754 and CVE-2023-0755
- Mitigation of CVE-2023-0754 and CVE-2023-0755 in the ThingWorx Edge C-SDK
- Vulnerability Details
  - CVE-2023-0755
    - CVSS 3.1 Score: 9.8 Critical
    - CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    - CWE: CWE-129: Improper Validation of Array Index
    - This vulnerability could allow an attacker to crash the server and remotely execute code.
    - Common Vulnerabilities and Exposures: CVE-2023-0755 has been assigned to this vulnerability.
    - Researcher Attribution: Chris Anastasio and Steven Seeley of Incite Team
  - CVE-2023-0754
    - CVSS 3.1 Score: 9.8 Critical
    - CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    - CWE: CWE-190: Integer Overflow or Wraparound
    - This vulnerability could allow an attacker to crash the server and remotely execute code.
    - Common Vulnerabilities and Exposures: CVE-2023-0754 has been assigned to this vulnerability.
    - Researcher Attribution: Chris Anastasio and Steven Seeley of Incite Team