var-202302-1832
Vulnerability from variot

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric's Digital Industrial Gateway Server and products from other vendors contain an array index validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1832",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "kepserver enterprise",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.12"
      },
      {
        "model": "thingworx edge microserver",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "5.4.10.0"
      },
      {
        "model": "kepware server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "6.12"
      },
      {
        "model": "thingworx edge c-sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "2.2.12.1052"
      },
      {
        "model": "thingworx kepware edge",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "1.5"
      },
      {
        "model": "kepware serverex",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "6.12"
      },
      {
        "model": "thingworx .net-sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "5.8.4.971"
      },
      {
        "model": "thingworx industrial connectivity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "digital industrial gateway server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "7.612"
      },
      {
        "model": "thingworx edge microserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "thingworx kepware edge",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "digital industrial gateway server",
        "scope": null,
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "thingworx .net-sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "kepware serverex",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "kepserver enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thingworx edge c-sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "thingworx industrial connectivity",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "kepware server",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.8.4.971",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.12.1052",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.612",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      }
    ]
  },
  "cve": "CVE-2023-0755",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-0755",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-0755",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2023-0755",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-1961",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\nThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric's Digital Industrial Gateway Server and products from other vendors contain an array index validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      },
      {
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0755"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-0755",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-054-01",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU92776796",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1203",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-454621",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0755",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "id": "VAR-202302-1832",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454621"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:54:30.275000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PTC ThingWorx Edge Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234214"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-129",
        "trust": 1.1
      },
      {
        "problemtype": "Improper validation of array indexes (CWE-129) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92776796/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0755"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-0755/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1203"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/129.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-0755"
      },
      {
        "date": "2023-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "date": "2023-02-23T22:15:11.427000",
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "date": "2023-02-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-454621"
      },
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-0755"
      },
      {
        "date": "2023-10-31T01:55:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      },
      {
        "date": "2023-11-07T04:01:23.837000",
        "db": "NVD",
        "id": "CVE-2023-0755"
      },
      {
        "date": "2023-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0digital\u00a0industrial\u00a0gateway\u00a0server\u00a0 Vulnerability related to array index validation in products from other vendors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004515"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1961"
      }
    ],
    "trust": 0.6
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.