Skip to main content

Thingworx Industrial Connectivity

8 CVEs product

Monthly

CVE-2023-29447 MEDIUM This Month

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-29446 MEDIUM This Month

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Code Injection Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-29445 HIGH This Week

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-29444 MEDIUM This Month

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-5909 HIGH This Week

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Industrial Gateway Server Keepserverex Opc Aggregator Thingworx Industrial Connectivity +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-5908 CRITICAL Act Now

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Industrial Gateway Server Keepserverex Opc Aggregator +5
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-0755 CRITICAL Act Now

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Digital Industrial Gateway Server Kepware Server Kepware Serverex Thingworx Net Sdk +5
NVD
CVSS 3.1
9.8
EPSS
11.8%
CVE-2023-0754 CRITICAL Act Now

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Digital Industrial Gateway Server Kepware Server Kepware Serverex +6
NVD
CVSS 3.1
9.8
EPSS
2.9%
EPSS 0% CVSS 5.7
MEDIUM This Month

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Code Injection Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Kepware Kepserverex Thingworx Kepware Server +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Industrial Gateway Server Keepserverex +6
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Industrial Gateway Server +7
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Digital Industrial Gateway Server Kepware Server +7
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Digital Industrial Gateway Server +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy