var-202302-1840
Vulnerability from variot

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric's Digital Industrial Gateway Server and products from other vendors contain an integer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States. ThingWorx Edge C-SDK version 2.2.12.1052 and earlier have an input validation error vulnerability caused by an integer overflow.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1840",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "kepserver enterprise",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.12"
      },
      {
        "model": "thingworx edge microserver",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "5.4.10.0"
      },
      {
        "model": "thingworx industrial connectivity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "*"
      },
      {
        "model": "kepware server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "6.12"
      },
      {
        "model": "thingworx edge c-sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "2.2.12.1052"
      },
      {
        "model": "thingworx kepware edge",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "1.5"
      },
      {
        "model": "kepware serverex",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "6.12"
      },
      {
        "model": "thingworx .net-sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "5.8.4.971"
      },
      {
        "model": "digital industrial gateway server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "7.612"
      },
      {
        "model": "thingworx edge microserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "thingworx kepware edge",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "digital industrial gateway server",
        "scope": null,
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "model": "thingworx .net-sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "kepware serverex",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "kepserver enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thingworx edge c-sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "thingworx industrial connectivity",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      },
      {
        "model": "kepware server",
        "scope": null,
        "trust": 0.8,
        "vendor": "ptc",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.8.4.971",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.12.1052",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.612",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      }
    ]
  },
  "cve": "CVE-2023-0754",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-0754",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-0754",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2023-0754",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-1949",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\nThe affected products are vulnerable to an integer\noverflow or wraparound, which could \u00a0allow an attacker to crash the server and remotely\nexecute arbitrary code. General Electric Company of digital industrial gateway server Products from other vendors contain integer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States. \nThingWorx Edge C-SDK version 2.2.12.1052 and earlier versions have an input validation error vulnerability, which is caused by integer overflow",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      },
      {
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0754"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-0754",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-054-01",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU92776796",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1203",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-454620",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0754",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "id": "VAR-202302-1840",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454620"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:54:30.303000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PTC ThingWorx Edge Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234213"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      },
      {
        "problemtype": "Integer overflow or wraparound (CWE-190) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92776796/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0754"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-0754/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1203"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/190.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-0754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-0754"
      },
      {
        "date": "2023-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "date": "2023-02-23T22:15:11.333000",
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "date": "2023-02-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-454620"
      },
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-0754"
      },
      {
        "date": "2023-10-31T02:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      },
      {
        "date": "2023-11-07T04:01:23.633000",
        "db": "NVD",
        "id": "CVE-2023-0754"
      },
      {
        "date": "2023-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0digital\u00a0industrial\u00a0gateway\u00a0server\u00a0 Integer overflow vulnerability in products from other vendors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004519"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1949"
      }
    ],
    "trust": 0.6
  }
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.