VAR-202302-1832
Vulnerability from variot - Updated: 2023-12-18 12:54
The affected products are vulnerable to improper validation of an array index (CWE-129), which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company's Digital Industrial Gateway Server and products from other vendors contain an array index validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States. The affected version ranges and the CISA advisory (ICSA-23-054-01) are listed in the record below.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1832",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kepserver enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.12"
},
{
"model": "thingworx edge microserver",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "5.4.10.0"
},
{
"model": "kepware server",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "6.12"
},
{
"model": "thingworx edge c-sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "2.2.12.1052"
},
{
"model": "thingworx kepware edge",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "1.5"
},
{
"model": "kepware serverex",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "6.12"
},
{
"model": "thingworx .net-sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "ptc",
"version": "5.8.4.971"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "digital industrial gateway server",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "7.612"
},
{
"model": "thingworx edge microserver",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "thingworx kepware edge",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "digital industrial gateway server",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "thingworx .net-sdk",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepware serverex",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thingworx edge c-sdk",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "thingworx industrial connectivity",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
},
{
"model": "kepware server",
"scope": null,
"trust": 0.8,
"vendor": "ptc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.4.971",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.12.1052",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.612",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0755"
}
]
},
"cve": "CVE-2023-0755",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-0755",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-0755",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2023-0755",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1961",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nThe affected products are vulnerable to improper validation of an array index, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company's Digital Industrial Gateway Server and products from other vendors contain an array index validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
},
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-0755",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-23-054-01",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU92776796",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.1203",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-454621",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-0755",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"id": "VAR-202302-1832",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:54:30.275000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PTC ThingWorx Edge Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234214"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-129",
"trust": 1.1
},
{
"problemtype": "Improper validation of array indexes (CWE-129) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92776796/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0755"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-0755/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1203"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-454621"
},
{
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-454621"
},
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"date": "2023-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"date": "2023-02-23T22:15:11.427000",
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"date": "2023-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-454621"
},
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-0755"
},
{
"date": "2023-10-31T01:55:00",
"db": "JVNDB",
"id": "JVNDB-2023-004515"
},
{
"date": "2023-11-07T04:01:23.837000",
"db": "NVD",
"id": "CVE-2023-0755"
},
{
"date": "2023-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0digital\u00a0industrial\u00a0gateway\u00a0server\u00a0 Vulnerability related to array index validation in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1961"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.