Improper validation of certificate with host mismatch in PTC products - CVE-2023-5909
Published: December 4, 2023
Vulnerability identifier: #VU83637
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-5909
CWE-ID: CWE-297
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PTC
Affected software:
Kepware KepServerEX
ThingWorx Kepware Server
ThingWorx Industrial Connectivity
ThingWorx Kepware Edge
OPC Aggregator
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected application does not properly validate certificates presented by clients (CWE-297, improper validation of certificate with host mismatch). A remote attacker can connect to the application and gain access to sensitive information.
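The certificate-identity check that CWE-297 covers, as an added illustration that is not PTC or Kepware code: a validator that accepts any chain-trusted certificate beside one that also requires the certificate's name to match the expected peer. Certificate fields and host names are constructed for the example.

```python
"""CWE-297 illustration (added example, not vendor code): chain-only
validation beside validation that also checks the certificate identity.
Certificates are constructed dataclass values, not parsed X.509 objects."""
from dataclasses import dataclass, field


@dataclass
class PeerCert:
    subject_cn: str
    san_dns_names: list[str] = field(default_factory=list)
    chain_trusted: bool = True  # assume the chain check already passed


def _name_matches(pattern: str, name: str) -> bool:
    """RFC 6125-style comparison: case-insensitive; a single '*' is allowed
    only as the entire leftmost label and matches exactly one label."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if pattern == name:
        return True
    p_labels, n_labels = pattern.split("."), name.split(".")
    if len(p_labels) != len(n_labels) or len(p_labels) < 3:
        return False  # no wildcard on bare domains such as '*.test'
    if p_labels[0] != "*" or "*" in pattern[2:]:
        return False  # partial or multiple wildcards are rejected
    return p_labels[1:] == n_labels[1:] and n_labels[0] != ""


def identity_matches(cert: PeerCert, expected_host: str) -> bool:
    """Match against SAN dNSNames; fall back to the subject CN only when the
    certificate carries no SAN names at all."""
    names = cert.san_dns_names or [cert.subject_cn]
    return any(_name_matches(n, expected_host) for n in names)


def validate_weak(cert: PeerCert, expected_host: str) -> bool:
    """Vulnerable pattern: any chain-trusted certificate is accepted, no
    matter whose name it carries (the host mismatch of CWE-297)."""
    return cert.chain_trusted


def validate_strict(cert: PeerCert, expected_host: str) -> bool:
    """Hardened pattern: chain trust and identity match are both required."""
    return cert.chain_trusted and identity_matches(cert, expected_host)


# Constructed samples: a trusted certificate issued to a different client.
OTHER_HOST_CERT = PeerCert("client-b.example.test", ["client-b.example.test"])
EXPECTED_CERT = PeerCert("client-a.example.test", ["client-a.example.test"])
```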
How to mitigate CVE-2023-5909
Install updates from the vendor's website.