KEPServerEX does not properly validate certificates from clients, which may allow unauthenticated users to connect.







Advisories
Source | ID | Title
EUVD | EUVD-2023-58182 | KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Fixes

Solution

PTC has released the following versions and recommends that users update to them:

* KEPServerEX should upgrade to v6.15 or later
* ThingWorx Kepware Server should upgrade to v6.15 or later
* ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later
* OPC-Aggregator should upgrade to v6.15 or later
* ThingWorx Kepware Edge: Upgrade to v1.8 or later

Refer to the secure configuration guide here: https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide

If additional questions remain, please contact PTC Technical Support: https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log

For more information, see PTC's advisory: https://www.ptc.com/en/support/article/CS405439


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-08-02T08:14:24.693Z

Reserved: 2023-11-01T16:18:45.060Z

Link: CVE-2023-5909

Vulnrichment

No data.

NVD

Status: Modified

Published: 2023-11-30T22:15:10.163

Modified: 2024-11-21T08:42:45.260

Link: CVE-2023-5909

Redhat

No data.

OpenCVE Enrichment

No data.