CVE-2023-5909 (GCVE-0-2023-5909)
Vulnerability from cvelistv5 – Published: 2023-11-30 22:05 – Updated: 2026-02-25 17:20
VLAI
Title
Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Severity
7.5 (High)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Kepware Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Industrial Connectivity |
Affected:
All versions
|
|
| PTC | OPC-Aggregator |
Affected:
0 , ≤ 6.14
(custom)
|
|
| PTC | ThingWorx Kepware Edge |
Affected:
0 , ≤ 1.7
(custom)
|
|
| Rockwell Automation | KEPServer Enterprise |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| GE Gigital | Industrial Gateway Server |
Affected:
0 , ≤ 7.614
(custom)
|
|
| Software Toolbox | TOP Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:06:00.963177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:20:07.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:05:59.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5909",
"datePublished": "2023-11-30T22:05:59.595Z",
"dateReserved": "2023-11-01T16:18:45.060Z",
"dateUpdated": "2026-02-25T17:20:07.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-5909",
"date": "2026-05-27",
"epss": "0.00077",
"percentile": "0.22862"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.614\", \"matchCriteriaId\": \"FAC36939-C47F-4426-A684-0252C014CB05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.14.263.0\", \"matchCriteriaId\": \"3C003AF3-3140-4AD9-8407-D3C216D72AA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.14\", \"matchCriteriaId\": \"B0A4FE5D-D1DD-4854-B709-3E0A54D6BE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D01A814D-8F2B-4B88-A66B-F2A2C293A6AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7\", \"matchCriteriaId\": \"E8B99ED4-CEB0-463D-9900-426C6108A009\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.14.263.0\", \"matchCriteriaId\": \"14930935-3DE4-403F-9F6A-9E4490C3B95D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.14.263.0\", \"matchCriteriaId\": \"40663AD6-24DE-4D75-AA95-0D4E6A2ADF04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.14.263.0\", \"matchCriteriaId\": \"CB7C7A8B-38A0-4A48-B78A-F5FAA2A9E20F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\n\\n\\n\\n\\n\\n\\n\\n\\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\\n\\n\\n\\n\\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"KEPServerEX no valida adecuadamente los certificados de los clientes, lo que puede permitir que se conecten usuarios no autenticados.\"}]",
"id": "CVE-2023-5909",
"lastModified": "2024-11-21T08:42:45.260",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-11-30T22:15:10.163",
"references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-297\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5909\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-11-30T22:15:10.163\",\"lastModified\":\"2024-11-21T08:42:45.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\n\\n\\n\\n\\n\\n\\n\\n\\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\\n\\n\\n\\n\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"KEPServerEX no valida adecuadamente los certificados de los clientes, lo que puede permitir que se conecten usuarios no autenticados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-297\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.614\",\"matchCriteriaId\":\"FAC36939-C47F-4426-A684-0252C014CB05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.14.263.0\",\"matchCriteriaId\":\"3C003AF3-3140-4AD9-8407-D3C216D72AA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.14\",\"matchCriteriaId\":\"B0A4FE5D-D1DD-4854-B709-3E0A54D6BE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D01A814D-8F2B-4B88-A66B-F2A2C293A6AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7\",\"matchCriteriaId\":\"E8B99ED4-CEB0-463D-9900-426C6108A009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.14.263.0\",\"matchCriteriaId\":\"14930935-3DE4-403F-9F6A-9E4490C3B95D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.14.263.0\",\"matchCriteriaId\":\"40663AD6-24DE-4D75-AA95-0D4E6A2ADF04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.14.263.0\",\"matchCriteriaId\":\"CB7C7A8B-38A0-4A48-B78A-F5FAA2A9E20F\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03\", \"tags\": [\"government-resource\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:14:24.693Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5909\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-09T05:06:00.963177Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T16:54:26.996Z\"}}], \"cna\": {\"title\": \"Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Shawn Hoffman\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PTC\", \"product\": \"KEPServerEX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.14.263.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Kepware Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.14.263.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Industrial Connectivity\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"OPC-Aggregator\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTC\", \"product\": \"ThingWorx Kepware Edge\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.7\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Rockwell Automation \", \"product\": \"KEPServer Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.14.263.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"GE Gigital\", \"product\": \"Industrial Gateway Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.614\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Software Toolbox\", \"product\": \"TOP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.14.263.0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\nPTC has released and recommends users to update to the following versions:\\n\\n * KEPServerEX should upgrade to v6.15 or later\\n * ThingWorx Kepware Server should upgrade to v6.15 or later\\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\\n * OPC-Aggregator should upgrade to v6.15 or later\\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\\n\\n\\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \\n\\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \\n\\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\\\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\\\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ptc.com/en/support/article/CS405439\\\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\n\\n\\n\\n\\n\\n\\n\\n\\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\\n\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003e\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\\n\\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\\n\\n\u003cbr\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-297\", \"description\": \"CWE-297 Improper Validation of Certificate with Host Mismatch\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-11-30T22:05:59.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-5909\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T17:20:07.195Z\", \"dateReserved\": \"2023-11-01T16:18:45.060Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2023-11-30T22:05:59.595Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…