Heap-based buffer overflow in PTC products - CVE-2023-5908
Published: December 4, 2023
Vulnerability identifier: #VU83635
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-5908
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: PTC
Affected software:
Kepware KepServerEX
ThingWorx Kepware Server
ThingWorx Industrial Connectivity
ThingWorx Kepware Edge
OPC Aggregator
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack or leak information.
How to mitigate CVE-2023-5908
Install updates from the vendor's website.