CVE-2023-5908

Heap Based Buffer Overflow in PTC KEPServerEx

Description

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.

Remediation

Solution:

PTC has released fixed versions and recommends that users update to the following:

  • KEPServerEX: upgrade to v6.15 or later
  • ThingWorx Kepware Server: upgrade to v6.15 or later
  • ThingWorx Industrial Connectivity: upgrade to ThingWorx Kepware Server v6.15 or later
  • OPC-Aggregator: upgrade to v6.15 or later
  • ThingWorx Kepware Edge: upgrade to v1.8 or later

Refer to the secure configuration guide: https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide

If additional questions remain, contact PTC Technical Support: https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log

For more information, see PTC's advisory: https://www.ptc.com/en/support/article/CS405439
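The fixed-version list above is the check most asset owners actually need to run across an inventory. The script below is an added example (not a PTC tool and not part of the advisory): it encodes the minimum fixed versions stated in the remediation text, compares installed version strings against them component by component, and refuses to give a verdict for the OEM-branded products that this page lists as affected but gives no fixed version for (Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, Software Toolbox TOP Server). The hostnames and version strings in the sample inventory are constructed, not real data.

```python
"""Version check against the fixed releases named in the PTC remediation.

Added example, not a PTC tool. The fixed versions come from the remediation
text on this page; the hostnames and version strings in SAMPLE are made up.
"""
import re

# Minimum fixed version per product, as stated in the remediation section.
# ThingWorx Industrial Connectivity is fixed by moving to ThingWorx Kepware
# Server v6.15, so it maps to that same version.
FIXED_VERSIONS = {
    "KEPServerEX": (6, 15),
    "ThingWorx Kepware Server": (6, 15),
    "ThingWorx Industrial Connectivity": (6, 15),
    "OPC-Aggregator": (6, 15),
    "ThingWorx Kepware Edge": (1, 8),
}

# Listed as affected on this page, but the remediation text gives no fixed
# version for these OEM-branded builds; they need a vendor-specific check.
NO_FIX_STATED = {
    "Rockwell Automation KEPServer Enterprise",
    "GE Digital Industrial Gateway Server",
    "Software Toolbox TOP Server",
}


def parse_version(text):
    """Turn '6.14.263.0' or 'v6.15' into a tuple of ints.

    Trailing build components are kept so that 6.15.0.1 > 6.15.0.0 compares
    correctly; a leading 'v' is tolerated.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_fixed(product, version):
    """Return True if the installed version is at or above the fixed release.

    Returns None when the page names the product as affected but states no
    fixed version for it, so the caller cannot conclude either way.
    """
    if product in NO_FIX_STATED:
        return None
    if product not in FIXED_VERSIONS:
        raise KeyError(f"{product!r} is not listed on this advisory")
    installed = parse_version(version)
    fixed = FIXED_VERSIONS[product]
    # Tuple comparison is lexicographic on the numeric components, so
    # (6, 14, 263, 0) < (6, 15) and (6, 15, 0, 0) >= (6, 15).
    return installed >= fixed


def triage(inventory):
    """Classify (host, product, version) records into fixed/vulnerable/unknown."""
    result = {"fixed": [], "vulnerable": [], "unknown": []}
    for host, product, version in inventory:
        state = is_fixed(product, version)
        bucket = "unknown" if state is None else ("fixed" if state else "vulnerable")
        result[bucket].append((host, product, version))
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    SAMPLE = [
        ("hist-01", "KEPServerEX", "6.14.263.0"),
        ("hist-02", "KEPServerEX", "v6.15.0.0"),
        ("edge-07", "ThingWorx Kepware Edge", "1.7.1"),
        ("edge-08", "ThingWorx Kepware Edge", "1.8"),
        ("plc-gw-3", "Rockwell Automation KEPServer Enterprise", "6.14.1"),
    ]
    for bucket, rows in triage(SAMPLE).items():
        for host, product, version in rows:
            print(f"{bucket:10s} {host:10s} {product} {version}")
```

The "unknown" bucket is deliberate: a host running a rebranded build is still listed as affected, and treating "no fix version on this page" as "fixed" is the mistake this check is meant to prevent. Confirm the fixed build with the respective OEM before closing those findings.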

Categories

CVSS 3.1 base score: 9.1 (Severity: Critical)
EPSS: 0.03%
Third-Party Advisory: cisa.gov
Affected: PTC KEPServerEX
Affected: PTC ThingWorx Kepware Server
Affected: PTC ThingWorx Industrial Connectivity
Affected: PTC OPC-Aggregator
Affected: PTC ThingWorx Kepware Edge
Affected: Rockwell Automation KEPServer Enterprise
Affected: GE Digital Industrial Gateway Server
Affected: Software Toolbox TOP Server

References

  • https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 (tags: government resource, third-party advisory, US government resource)

Frequently Asked Questions

What is the severity of CVE-2023-5908?
CVE-2023-5908 has been scored as a critical severity vulnerability.
How to fix CVE-2023-5908?
To fix CVE-2023-5908: PTC has released fixed versions and recommends that users update to the following:

  • KEPServerEX: upgrade to v6.15 or later
  • ThingWorx Kepware Server: upgrade to v6.15 or later
  • ThingWorx Industrial Connectivity: upgrade to ThingWorx Kepware Server v6.15 or later
  • OPC-Aggregator: upgrade to v6.15 or later
  • ThingWorx Kepware Edge: upgrade to v1.8 or later

Refer to the secure configuration guide: https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide

If additional questions remain, contact PTC Technical Support: https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log

For more information, see PTC's advisory: https://www.ptc.com/en/support/article/CS405439
Is CVE-2023-5908 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2023-5908 is being actively exploited. According to its EPSS score (0.03%), there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-5908?
CVE-2023-5908 affects PTC KEPServerEX, PTC ThingWorx Kepware Server, PTC ThingWorx Industrial Connectivity, PTC OPC-Aggregator, PTC ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.