CVE-2023-5909: Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
First published: Thu Nov 30 2023(Updated: )
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Industrial Gateway Server | <=7.614 | |
| Ptc Keepserverex | <=6.14.263.0 | |
| PTC OPC-Aggregator | <=6.14 | |
| PTC ThingWorx Industrial Connectivity | ||
| Ptc Thingworx Kepware Edge | <=1.7 | |
| PTC ThingWorx Kepware Server | <=6.14.263.0 | |
| Rockwellautomation Kepserver Enterprise | <=6.14.263.0 | |
| Softwaretoolbox Top Server | <=6.14.263.0 |
Remedy
PTC has released and recommends users to update to the following versions: * KEPServerEX should upgrade to v6.15 or later * ThingWorx Kepware Server should upgrade to v6.15 or later * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later * OPC-Aggregator should upgrade to v6.15 or later * ThingWorx Kepware Edge: Upgrade to v1.8 or later Refer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide If additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log For more information, see PTC's advisory https://www.ptc.com/en/support/article/CS405439 .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-5909?
CVE-2023-5909 is a vulnerability in PTC KEPServerEx that allows unauthenticated users to connect due to improper validation of certificates.
What is the severity of CVE-2023-5909?
CVE-2023-5909 has a severity rating of 7.5 (high).
Which software is affected by CVE-2023-5909?
CVE-2023-5909 affects GE Industrial Gateway Server, PTC KEPServerEx, PTC OPC-Aggregator, PTC ThingWorx Industrial Connectivity, PTC ThingWorx Kepware Edge, PTC ThingWorx Kepware Server, RockwellAutomation KepServer Enterprise, and Softwaretoolbox Top Server.
How can unauthenticated users connect due to CVE-2023-5909?
Unauthenticated users can connect due to CVE-2023-5909 because KEPServerEx does not properly validate certificates from clients.
Is there a reference for CVE-2023-5909?
Yes, you can find more information about CVE-2023-5909 at this link: https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/remedy
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ge
- canonical/ge industrial gateway server
- version/ge industrial gateway server/7.614
- vendor/ptc
- canonical/ptc keepserverex
- version/ptc keepserverex/6.14.263.0
- canonical/ptc opc-aggregator
- version/ptc opc-aggregator/6.14
- canonical/ptc thingworx industrial connectivity
- canonical/ptc thingworx kepware edge
- version/ptc thingworx kepware edge/1.7
- canonical/ptc thingworx kepware server
- version/ptc thingworx kepware server/6.14.263.0
- vendor/rockwellautomation
- canonical/rockwellautomation kepserver enterprise
- version/rockwellautomation kepserver enterprise/6.14.263.0
- vendor/softwaretoolbox
- canonical/softwaretoolbox top server
- version/softwaretoolbox top server/6.14.263.0