ID

VAR-202302-1840


CVE

CVE-2023-0754


TITLE

Integer overflow vulnerability in General Electric Company's digital industrial gateway server and products from other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2023-004519

DESCRIPTION

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. General Electric Company's digital industrial gateway server and products from other vendors contain integer overflow vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PTC ThingWorx Edge is a complete end-to-end technology platform designed for the Industrial Internet of Things (IIoT) by PTC Corporation of the United States. ThingWorx Edge C-SDK version 2.2.12.1052 and earlier versions have an input validation error vulnerability, which is caused by an integer overflow.

Trust: 2.34

sources: NVD: CVE-2023-0754 // JVNDB: JVNDB-2023-004519 // CNNVD: CNNVD-202302-1949 // VULHUB: VHN-454620 // VULMON: CVE-2023-0754

AFFECTED PRODUCTS

vendor: ptc, model: kepware server, scope: lte, version: 6.12

Trust: 1.0

vendor: ptc, model: thingworx kepware edge, scope: lte, version: 1.5

Trust: 1.0

vendor: ptc, model: thingworx .net-sdk, scope: lte, version: 5.8.4.971

Trust: 1.0

vendor: ptc, model: kepware serverex, scope: lte, version: 6.12

Trust: 1.0

vendor: rockwellautomation, model: kepserver enterprise, scope: lte, version: 6.12

Trust: 1.0

vendor: ptc, model: thingworx edge microserver, scope: lte, version: 5.4.10.0

Trust: 1.0

vendor: ge, model: digital industrial gateway server, scope: lte, version: 7.612

Trust: 1.0

vendor: ptc, model: thingworx industrial connectivity, scope: eq, version: *

Trust: 1.0

vendor: ptc, model: thingworx edge c-sdk, scope: lte, version: 2.2.12.1052

Trust: 1.0

vendor: ptc, model: thingworx edge microserver, scope: -, version: -

Trust: 0.8

vendor: ptc, model: thingworx kepware edge, scope: -, version: -

Trust: 0.8

vendor: general electric, model: digital industrial gateway server, scope: -, version: -

Trust: 0.8

vendor: ptc, model: thingworx .net-sdk, scope: -, version: -

Trust: 0.8

vendor: ptc, model: kepware serverex, scope: -, version: -

Trust: 0.8

vendor: rockwell automation, model: kepserver enterprise, scope: -, version: -

Trust: 0.8

vendor: ptc, model: thingworx edge c-sdk, scope: -, version: -

Trust: 0.8

vendor: ptc, model: thingworx industrial connectivity, scope: -, version: -

Trust: 0.8

vendor: ptc, model: kepware server, scope: -, version: -

sources: JVNDB: JVNDB-2023-004519 // NVD: CVE-2023-0754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-0754
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2023-0754
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-0754
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-1949
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-0754
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-0754
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004519 // CNNVD: CNNVD-202302-1949 // NVD: CVE-2023-0754 // NVD: CVE-2023-0754

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [ others ]

Trust: 0.8

sources: VULHUB: VHN-454620 // JVNDB: JVNDB-2023-004519 // NVD: CVE-2023-0754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1949

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1949

PATCH

title: PTC ThingWorx Edge Enter the fix for the verification error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234213

Trust: 0.6

sources: CNNVD: CNNVD-202302-1949

EXTERNAL IDS

db: NVD, id: CVE-2023-0754

Trust: 3.4

db: ICS CERT, id: ICSA-23-054-01

Trust: 2.6

db: JVN, id: JVNVU92776796

Trust: 0.8

db: JVNDB, id: JVNDB-2023-004519

Trust: 0.8

db: AUSCERT, id: ESB-2023.1203

Trust: 0.6

db: CNNVD, id: CNNVD-202302-1949

Trust: 0.6

db: VULHUB, id: VHN-454620

Trust: 0.1

db: VULMON, id: CVE-2023-0754

Trust: 0.1

sources: VULHUB: VHN-454620 // VULMON: CVE-2023-0754 // JVNDB: JVNDB-2023-004519 // CNNVD: CNNVD-202302-1949 // NVD: CVE-2023-0754

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01

Trust: 2.7

url:https://jvn.jp/vu/jvnvu92776796/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-0754

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-0754/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1203

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-454620 // VULMON: CVE-2023-0754 // JVNDB: JVNDB-2023-004519 // CNNVD: CNNVD-202302-1949 // NVD: CVE-2023-0754

SOURCES

db: VULHUB, id: VHN-454620
db: VULMON, id: CVE-2023-0754
db: JVNDB, id: JVNDB-2023-004519
db: CNNVD, id: CNNVD-202302-1949
db: NVD, id: CVE-2023-0754

LAST UPDATE DATE

2024-08-14T14:24:15.981000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-454620, date: 2023-03-03T00:00:00
db: VULMON, id: CVE-2023-0754, date: 2023-02-23T00:00:00
db: JVNDB, id: JVNDB-2023-004519, date: 2023-10-31T02:04:00
db: CNNVD, id: CNNVD-202302-1949, date: 2023-04-20T00:00:00
db: NVD, id: CVE-2023-0754, date: 2023-11-07T04:01:23.633

SOURCES RELEASE DATE

db: VULHUB, id: VHN-454620, date: 2023-02-23T00:00:00
db: VULMON, id: CVE-2023-0754, date: 2023-02-23T00:00:00
db: JVNDB, id: JVNDB-2023-004519, date: 2023-10-31T00:00:00
db: CNNVD, id: CNNVD-202302-1949, date: 2023-02-23T00:00:00
db: NVD, id: CVE-2023-0754, date: 2023-02-23T22:15:11.333