Description
The affected products are vulnerable to improper validation of an array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- General Electric / Digital Industrial Gateway Server: 0 – v7.612
- Microsoft / .NET-SDK: 0 – v5.8.4.971
- PTC / Kepware KEPServerEX: 0 – v6.12
- PTC / ThingWorx Edge C-SDK: 0 – v2.2.12.1052
- PTC / ThingWorx Edge MicroServer (EMS): 0 – v5.4.10.0
- PTC / ThingWorx Industrial Connectivity: All Versions – All Versions
- PTC / ThingWorx Kepware Edge: 0 – v1.5
- PTC / ThingWorx Kepware Server: 0 – v6.12
- Rockwell Automation / KEPServer Enterprise: 0 – v6.12
References
- VENDOR_ADVISORY: https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01