Details of VAR-202302-1832

ID

VAR-202302-1832

CVE

CVE-2023-0755

TITLE

General Electric Company of digital industrial gateway server Vulnerability related to array index validation in products from other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2023-004515

DESCRIPTION

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company of digital industrial gateway server Products from other vendors contain array index validation vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States

Trust: 2.34

sources: NVD: CVE-2023-0755 // JVNDB: JVNDB-2023-004515 // CNNVD: CNNVD-202302-1961 // VULHUB: VHN-454621 // VULMON: CVE-2023-0755

AFFECTED PRODUCTS

vendor:	ptc	model:	kepware server	scope:	lte	version:	6.12	Trust: 1.0
vendor:	ptc	model:	thingworx kepware edge	scope:	lte	version:	1.5	Trust: 1.0
vendor:	ptc	model:	thingworx .net-sdk	scope:	lte	version:	5.8.4.971	Trust: 1.0
vendor:	ptc	model:	kepware serverex	scope:	lte	version:	6.12	Trust: 1.0
vendor:	rockwellautomation	model:	kepserver enterprise	scope:	lte	version:	6.12	Trust: 1.0
vendor:	ptc	model:	thingworx industrial connectivity	scope:	eq	version:	-	Trust: 1.0
vendor:	ptc	model:	thingworx edge microserver	scope:	lte	version:	5.4.10.0	Trust: 1.0
vendor:	ge	model:	digital industrial gateway server	scope:	lte	version:	7.612	Trust: 1.0
vendor:	ptc	model:	thingworx edge c-sdk	scope:	lte	version:	2.2.12.1052	Trust: 1.0
vendor:	ptc	model:	thingworx edge microserver	scope:	-	version:	-	Trust: 0.8
vendor:	ptc	model:	thingworx kepware edge	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	digital industrial gateway server	scope:	-	version:	-	Trust: 0.8
vendor:	ptc	model:	thingworx .net-sdk	scope:	-	version:	-	Trust: 0.8
vendor:	ptc	model:	kepware serverex	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	kepserver enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	ptc	model:	thingworx edge c-sdk	scope:	-	version:	-	Trust: 0.8
vendor:	ptc	model:	thingworx industrial connectivity	scope:	-	version:	-	Trust: 0.8
vendor:	ptc	model:	kepware server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-004515 // NVD: CVE-2023-0755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-0755
value:	CRITICAL
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2023-0755
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-0755
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202302-1961
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2023-0755
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-0755
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004515 // CNNVD: CNNVD-202302-1961 // NVD: CVE-2023-0755 // NVD: CVE-2023-0755

PROBLEMTYPE DATA

problemtype:	CWE-129	Trust: 1.1
problemtype:	Improper validation of array indexes (CWE-129) [ others ]	Trust: 0.8

sources: VULHUB: VHN-454621 // JVNDB: JVNDB-2023-004515 // NVD: CVE-2023-0755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1961

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1961

PATCH

title:

PTC ThingWorx Edge Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=234214

Trust: 0.6

sources: CNNVD: CNNVD-202302-1961

EXTERNAL IDS

db:	NVD	id:	CVE-2023-0755	Trust: 3.4
db:	ICS CERT	id:	ICSA-23-054-01	Trust: 2.6
db:	JVN	id:	JVNVU92776796	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-004515	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.1203	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1961	Trust: 0.6
db:	VULHUB	id:	VHN-454621	Trust: 0.1
db:	VULMON	id:	CVE-2023-0755	Trust: 0.1

sources: VULHUB: VHN-454621 // VULMON: CVE-2023-0755 // JVNDB: JVNDB-2023-004515 // CNNVD: CNNVD-202302-1961 // NVD: CVE-2023-0755

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01	Trust: 2.7
url:	https://jvn.jp/vu/jvnvu92776796/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0755	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-0755/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1203	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/129.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-454621 // VULMON: CVE-2023-0755 // JVNDB: JVNDB-2023-004515 // CNNVD: CNNVD-202302-1961 // NVD: CVE-2023-0755

SOURCES

db:	VULHUB	id:	VHN-454621
db:	VULMON	id:	CVE-2023-0755
db:	JVNDB	id:	JVNDB-2023-004515
db:	CNNVD	id:	CNNVD-202302-1961
db:	NVD	id:	CVE-2023-0755

LAST UPDATE DATE

2024-08-14T14:24:16.010000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-454621	date:	2023-03-03T00:00:00
db:	VULMON	id:	CVE-2023-0755	date:	2023-02-23T00:00:00
db:	JVNDB	id:	JVNDB-2023-004515	date:	2023-10-31T01:55:00
db:	CNNVD	id:	CNNVD-202302-1961	date:	2023-04-20T00:00:00
db:	NVD	id:	CVE-2023-0755	date:	2023-11-07T04:01:23.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-454621	date:	2023-02-23T00:00:00
db:	VULMON	id:	CVE-2023-0755	date:	2023-02-23T00:00:00
db:	JVNDB	id:	JVNDB-2023-004515	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1961	date:	2023-02-23T00:00:00
db:	NVD	id:	CVE-2023-0755	date:	2023-02-23T22:15:11.427