KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
EUVD-2023-58182 | KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. |
Solution
PTC has released and recommends users to update to the following versions: * KEPServerEX should upgrade to v6.15 or later * ThingWorx Kepware Server should upgrade to v6.15 or later * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later * OPC-Aggregator should upgrade to v6.15 or later * ThingWorx Kepware Edge: Upgrade to v1.8 or later Refer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide If additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log For more information, see PTC's advisory https://www.ptc.com/en/support/article/CS405439 .
Workaround
No workaround given by the vendor.
No history.

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2024-08-02T08:14:24.693Z
Reserved: 2023-11-01T16:18:45.060Z
Link: CVE-2023-5909

No data.

Status : Modified
Published: 2023-11-30T22:15:10.163
Modified: 2024-11-21T08:42:45.260
Link: CVE-2023-5909

No data.

No data.