All the vulnerabilites related to PTC - ThingWorx Edge C-SDK
cve-2023-0755
Vulnerability from cvelistv5
Published
2023-02-23 21:23
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge C-SDK",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v2.2.12.1052 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": ".NET-SDK",
"vendor": "Microsoft",
"versions": [
{
"lessThanOrEqual": "v5.8.4.971 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge MicroServer (EMS)",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v5.4.10.0 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server ",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All Versions "
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise ",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "v6.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital Industrial Gateway Server ",
"vendor": "General Electric ",
"versions": [
{
"lessThanOrEqual": "v7.612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-02-23T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.\u003c/span\u003e\n\n"
}
],
"value": "\nThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T21:23:19.210Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePTC has released the following resolutions:\u003c/p\u003e\n\n\u003cp\u003eUpdate the impacted product to the latest version:\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Edge C-SDK: 3.0.0 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\n.NET-SDK: v5.8.5 or later.\u003c/p\u003e\n\n\u003cp\u003eFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is \u003cb\u003enot\u003c/b\u003e enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nKepware KEPServerEX: v6.13 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Kepware Edge: v1.6 or later.\u003c/p\u003e\n\n\u003cp\u003eThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\u003c/p\u003e\n\n\u003cp\u003eFor\nmore information see PTC\u2019s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS385715\"\u003eCustomer Support Article\n\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "PTC has released the following resolutions:\n\n\n\nUpdate the impacted product to the latest version:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge C-SDK: 3.0.0 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\n.NET-SDK: v5.8.5 or later.\n\n\n\nFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is not enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nKepware KEPServerEX: v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Edge: v1.6 or later.\n\n\n\nThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\n\n\n\nFor\nmore information see PTC\u2019s Customer Support Article\n.\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0755",
"datePublished": "2023-02-23T21:23:19.210Z",
"dateReserved": "2023-02-08T20:21:34.258Z",
"dateUpdated": "2024-08-02T05:24:34.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0754
Vulnerability from cvelistv5
Published
2023-02-23 21:27
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
The affected products are vulnerable to an integer
overflow or wraparound, which could allow an attacker to crash the server and remotely
execute arbitrary code.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge C-SDK",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v2.2.12.1052 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": ".NET-SDK",
"vendor": "Microsoft",
"versions": [
{
"lessThanOrEqual": "v5.8.4.971 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Edge MicroServer (EMS)",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v5.4.10.0 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server ",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v6.12 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All Versions "
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise ",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "v6.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital Industrial Gateway Server ",
"vendor": "General Electric ",
"versions": [
{
"lessThanOrEqual": "v7.612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe affected products are vulnerable to an integer\noverflow or wraparound, which could \u0026nbsp;allow an attacker to crash the server and remotely\nexecute arbitrary code.\u003c/p\u003e\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\nThe affected products are vulnerable to an integer\noverflow or wraparound, which could \u00a0allow an attacker to crash the server and remotely\nexecute arbitrary code.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T21:27:09.964Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePTC has released the following resolutions:\u003c/p\u003e\n\n\u003cp\u003eUpdate the impacted product to the latest version:\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Edge C-SDK: 3.0.0 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\n.NET-SDK: v5.8.5 or later.\u003c/p\u003e\n\n\u003cp\u003eFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is \u003cb\u003enot\u003c/b\u003e enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nKepware KEPServerEX: v6.13 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nThingWorx Kepware Edge: v1.6 or later.\u003c/p\u003e\n\n\u003cp\u003eThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\u003c/p\u003e\n\n\u003cp\u003eFor\nmore information see PTC\u2019s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS385715\"\u003eCustomer Support Article\n\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "PTC has released the following resolutions:\n\n\n\nUpdate the impacted product to the latest version:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge C-SDK: 3.0.0 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\n.NET-SDK: v5.8.5 or later.\n\n\n\nFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is not enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nKepware KEPServerEX: v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Edge: v1.6 or later.\n\n\n\nThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\n\n\n\nFor\nmore information see PTC\u2019s Customer Support Article\n.\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0754",
"datePublished": "2023-02-23T21:27:09.964Z",
"dateReserved": "2023-02-08T20:15:58.394Z",
"dateUpdated": "2024-08-02T05:24:34.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202302-1832
Vulnerability from variot
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company of digital industrial gateway server Products from other vendors contain array index validation vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1832",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kepserver enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.12"
},
{
"model": "thingworx edge microserver",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "5.4.10.0"
},
{
"model": "kepware server",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "6.12"
},
{
"model": "thingworx edge c-sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "2.2.12.1052"
},
{
"model": "thingworx kepware edge",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "1.5"
},
{
"model": "kepware serverex",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "6.12"
},
{
"model": "thingworx .net-sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "5.8.4.971"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "digital industrial gateway server",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "7.612"
},
{
"model": "thingworx edge microserver",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "thingworx kepware edge",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "digital industrial gateway server",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "thingworx .net-sdk",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepware serverex",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thingworx edge c-sdk",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "thingworx industrial connectivity",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepware server",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.4.971",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.12.1052",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.612",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0755"
}
]
},
"cve": "CVE-2023-0755",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-0755",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-0755",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2023-0755",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1961",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company of digital industrial gateway server Products from other vendors contain array index validation vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
},
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-0755",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-23-054-01",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU92776796",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1203",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-454621",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-0755",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"id": "VAR-202302-1832",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:54:30.275000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PTC ThingWorx Edge Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234214"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-129",
"trust": 1.1
},
{
"problemtype": "Improper validation of array indexes (CWE-129) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92776796/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0755"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-0755/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1203"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-454621"
},
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"date": "2023-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"date": "2023-02-23T22:15:11.427000",
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"date": "2023-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-454621"
},
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"date": "2023-10-31T01:55:00",
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"date": "2023-11-07T04:01:23.837000",
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"date": "2023-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0digital\u00a0industrial\u00a0gateway\u00a0server\u00a0 Vulnerability related to array index validation in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
],
"trust": 0.6
}
}
var-202302-1840
Vulnerability from variot
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company of digital industrial gateway server Products from other vendors contain integer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States. ThingWorx Edge C-SDK version 2.2.12.1052 and earlier versions have an input validation error vulnerability, which is caused by integer overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1840",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kepserver enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.12"
},
{
"model": "thingworx edge microserver",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "5.4.10.0"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "*"
},
{
"model": "kepware server",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "6.12"
},
{
"model": "thingworx edge c-sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "2.2.12.1052"
},
{
"model": "thingworx kepware edge",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "1.5"
},
{
"model": "kepware serverex",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "6.12"
},
{
"model": "thingworx .net-sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "5.8.4.971"
},
{
"model": "digital industrial gateway server",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "7.612"
},
{
"model": "thingworx edge microserver",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "thingworx kepware edge",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "digital industrial gateway server",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "thingworx .net-sdk",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepware serverex",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thingworx edge c-sdk",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "thingworx industrial connectivity",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepware server",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.4.971",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.12.1052",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.612",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0754"
}
]
},
"cve": "CVE-2023-0754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-0754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-0754",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2023-0754",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1949",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nThe affected products are vulnerable to an integer\noverflow or wraparound, which could \u00a0allow an attacker to crash the server and remotely\nexecute arbitrary code. General Electric Company of digital industrial gateway server Products from other vendors contain integer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States. \nThingWorx Edge C-SDK version 2.2.12.1052 and earlier versions have an input validation error vulnerability, which is caused by integer overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
},
{
"db": "VULHUB",
"id": "VHN-454620"
},
{
"db": "VULMON",
"id": "CVE-2023-0754"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-0754",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-23-054-01",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU92776796",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004519",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1203",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1949",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-454620",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-0754",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454620"
},
{
"db": "VULMON",
"id": "CVE-2023-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"id": "VAR-202302-1840",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-454620"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:54:30.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PTC ThingWorx Edge Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234213"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454620"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92776796/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0754"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-0754/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1203"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454620"
},
{
"db": "VULMON",
"id": "CVE-2023-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-454620"
},
{
"db": "VULMON",
"id": "CVE-2023-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-454620"
},
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0754"
},
{
"date": "2023-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"date": "2023-02-23T22:15:11.333000",
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"date": "2023-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-454620"
},
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0754"
},
{
"date": "2023-10-31T02:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-004519"
},
{
"date": "2023-11-07T04:01:23.633000",
"db": "NVD",
"id": "CVE-2023-0754"
},
{
"date": "2023-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0digital\u00a0industrial\u00a0gateway\u00a0server\u00a0 Integer overflow vulnerability in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004519"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1949"
}
],
"trust": 0.6
}
}