CVE-2023-5909
published 2023-11-30

CVE-2023-5909: KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

Priority: P3 42
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.44% (35.3th percentile)

Affected

12 ranges
Vendor | Product | Version range | Fixed in
ge | industrial_gateway_server | <= 7.614 |
ge_gigital | industrial_gateway_server | <= 7.614 |
ptc | keepserverex | <= 6.14.263.0 |
ptc | kepserverex | <= 6.14.263.0 |
ptc | opc-aggregator | <= 6.14 |
ptc | thingworx_industrial_connectivity | |
ptc | thingworx_kepware_edge | <= 1.7 |
ptc | thingworx_kepware_server | <= 6.14.263.0 |
rockwell_automation | kepserver_enterprise | <= 6.14.263.0 |
rockwellautomation | kepserver_enterprise | <= 6.14.263.0 |
software_toolbox | top_server | <= 6.14.263.0 |
softwaretoolbox | top_server | <= 6.14.263.0 |