Article - CS397286
Security vulnerability identified in PTC Kepware Products - CVE-2023-3825
Modified: 26-Jul-2023
Applies To
- ThingWorx Kepware Server 8.0 to 6.14
- KEPServerEX 6.0.2107.0 to 6.14
- Zero Day Initiative, in collaboration with security researchers from Claroty, published results from Pwn2Own Miami in which Claroty successfully demonstrated a DoS attack on KEPServerEX by performing resource exhaustion
- The attack vector leveraged during the event involved the creation of an unauthenticated, bad-acting OPC UA client
- Standard controls available in the product and outlined in the Secure Deployment guide are sufficient to mitigate this vulnerability
- Kepware will produce a fix that remediates this vulnerability irrespective of client authentication. This fix will be part of the KEPServerEX version 6.15 release in the second half of 2023
Description
- Zero Day Initiative, in collaboration with security researchers from Claroty Team82, published results from Pwn2Own Miami in which Claroty successfully demonstrated a DoS attack on KEPServerEX by performing resource exhaustion
- CVSS 3.1 Score: 7.5 High
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-400 UNCONTROLLED RESOURCE CONSUMPTION
- KEPServerEX v6.13.250.0 or lower can be made to read a recursively defined object, leading to uncontrolled resource consumption
- KEPServerEX uses OPC UA, a protocol whose binary encoding defines object types that can be nested inside one another to build complex array structures
- The decoder does not check whether such an object is recursively defined, so an attacker can send a maliciously crafted message that the decoder keeps descending into until the stack overflows and the server crashes; no authenticated session is required, which is why PR:N applies
- Common Vulnerabilities and Exposures: CVE-2023-3825 has been assigned to this vulnerability
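The following is an added illustration of the failure mode described above; it is not code from PTC, Kepware or Claroty. It implements a toy decoder for a small subset of the OPC UA binary Variant encoding (Int32 scalars and arrays of Variants, using the real type ids 6 and 24 and the 0x80 array flag from OPC UA Part 6), constructs a message that nests one-element Variant arrays inside each other, and shows the nesting-depth check and the array-length sanity check that stop it. The MAX_NESTING value, the function names and the constructed messages are assumptions for the example; the unchecked path is the same decoder run with no effective depth limit.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Built-in type ids and flags from the OPC UA binary encoding (Part 6). */
#define TYPE_INT32   6
#define TYPE_VARIANT 24
#define ARRAY_FLAG   0x80   /* bit 7 of the Variant encoding byte */
#define MAX_NESTING  32     /* assumed limit; real stacks make this configurable */

enum decode_result { DEC_OK = 0, DEC_TRUNCATED, DEC_BAD_TYPE, DEC_BAD_LENGTH, DEC_TOO_DEEP };
struct decode_stats { int leaves; int max_depth; int32_t last; };
struct decode_stats last_stats;   /* filled by probe() below */

/* Little-endian Int32 with a bounds check against the buffer. */
static int read_i32(const uint8_t *buf, size_t len, size_t *pos, int32_t *out)
{
    if (len - *pos < 4) return 0;
    uint32_t v = (uint32_t)buf[*pos] | ((uint32_t)buf[*pos + 1] << 8)
               | ((uint32_t)buf[*pos + 2] << 16) | ((uint32_t)buf[*pos + 3] << 24);
    *out = (int32_t)v;
    *pos += 4;
    return 1;
}

/* Recursive Variant decoder. 'limit' is the deepest nesting accepted; INT_MAX
   reproduces the unchecked decoder, which recurses until the stack is gone. */
static enum decode_result decode_variant(const uint8_t *buf, size_t len, size_t *pos,
                                         int depth, int limit, struct decode_stats *st)
{
    if (depth > limit) return DEC_TOO_DEEP;        /* the check the advisory says is missing */
    if (depth > st->max_depth) st->max_depth = depth;
    if (*pos >= len) return DEC_TRUNCATED;
    uint8_t mask = buf[(*pos)++];
    int type = mask & 0x3f;
    if (!(mask & ARRAY_FLAG)) {                    /* scalar */
        if (type != TYPE_INT32) return DEC_BAD_TYPE;
        if (!read_i32(buf, len, pos, &st->last)) return DEC_TRUNCATED;
        st->leaves++;
        return DEC_OK;
    }
    int32_t count;
    if (!read_i32(buf, len, pos, &count)) return DEC_TRUNCATED;
    if (count == -1) return DEC_OK;                /* null array */
    /* Each element needs at least one byte, so a count beyond the bytes left is
       bogus: reject it rather than sizing an allocation from it. */
    if (count < 0 || (size_t)count > len - *pos) return DEC_BAD_LENGTH;
    if (type != TYPE_VARIANT) return DEC_BAD_TYPE; /* only arrays of Variants in this subset */
    for (int32_t i = 0; i < count; i++) {
        enum decode_result r = decode_variant(buf, len, pos, depth + 1, limit, st); /* recursion */
        if (r != DEC_OK) return r;
    }
    return DEC_OK;
}

static enum decode_result decode_with_limit(const uint8_t *buf, size_t len, int limit,
                                            struct decode_stats *st)
{
    size_t pos = 0;
    memset(st, 0, sizeof *st);
    return decode_variant(buf, len, &pos, 0, limit, st);
}

/* Constructed attacker message: 'nesting' one-element arrays of Variants wrapped
   around one Int32 (value 7), five bytes per level. Returns bytes written, 0 if cap is too small. */
size_t build_nested_message(size_t nesting, uint8_t *out, size_t cap)
{
    if (cap < nesting * 5 + 5) return 0;
    size_t p = 0;
    for (size_t i = 0; i < nesting; i++) {
        out[p++] = ARRAY_FLAG | TYPE_VARIANT;                   /* 0x98 */
        out[p++] = 1; out[p++] = 0; out[p++] = 0; out[p++] = 0;  /* length 1 */
    }
    out[p++] = TYPE_INT32;
    out[p++] = 7; out[p++] = 0; out[p++] = 0; out[p++] = 0;
    return p;
}

/* Build a message of the given nesting and decode it with (use_limit=1) or
   without the depth limit; decode statistics land in last_stats. */
int probe(size_t nesting, int use_limit)
{
    static uint8_t msg[4u << 20];
    size_t n = build_nested_message(nesting, msg, sizeof msg);
    if (n == 0) return -1;
    return decode_with_limit(msg, n, use_limit ? MAX_NESTING : INT_MAX, &last_stats);
}

/* Constructed message claiming 0x7fffffff elements with no payload behind it. */
int probe_bogus_length(void)
{
    static const uint8_t msg[] = { ARRAY_FLAG | TYPE_VARIANT, 0xff, 0xff, 0xff, 0x7f };
    struct decode_stats st;
    return decode_with_limit(msg, sizeof msg, MAX_NESTING, &st);
}

int main(void)
{
    int r = probe(3, 1);
    printf("3 levels, limited:      result=%d depth=%d value=%d\n", r, last_stats.max_depth, (int)last_stats.last);
    r = probe(100000, 1);
    printf("100000 levels, limited: result=%d (stopped at depth %d)\n", r, last_stats.max_depth);
    /* probe(100000, 0) recurses 100000 frames deep; a message with a few million
       levels (still only a few MB) exhausts the stack and crashes the process. */
    return 0;
}
```

The depth check costs one integer comparison per level and turns an attacker-controlled recursion into a bounded, reportable decode error; the array-length check is the sibling control, since a count that claims more elements than bytes remain is the usual way to force an oversized allocation from the same encoding. Both are the kind of limit (nesting depth, array length, message size) that OPC UA servers expose as per-endpoint configuration, and they apply before any session is authenticated, which is what makes the fix independent of client authentication.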
Researcher Attribution: Claroty Team82