Skip to main content

Kepware Kepserverex

4 CVEs product

Monthly

CVE-2023-29447 MEDIUM This Month

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-29446 MEDIUM This Month

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Code Injection Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-29445 HIGH This Week

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-29444 MEDIUM This Month

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
6.3
EPSS
0.0%
EPSS 0% CVSS 5.7
MEDIUM This Month

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Code Injection Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Kepware Kepserverex Thingworx Kepware Server +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy