PT-2023-7496 · Ptc+4 · Thingworx Kepware Server+6
Shawn Hoffman · Published 2023-11-30 · Updated 2023-12-06
CVE-2023-5908
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
KEPServerEX (affected versions not specified)
ThingWorx Kepware Server (affected versions not specified)
ThingWorx Industrial Connectivity (affected versions not specified)
OPC-Aggregator (affected versions not specified)
ThingWorx Kepware Edge (affected versions not specified)
Rockwell Automation KEPServer Enterprise (affected versions not specified)
GE Digital Industrial Gateway Server (affected versions not specified)
Software Toolbox TOP Server (affected versions not specified)
Description
The issue is a buffer overflow in dynamic (heap) memory. A remote attacker can exploit it to crash the product being accessed, causing a denial of service, or to leak protected information.
Recommendations
For KEPServerEX, consider disabling the vulnerable function until a patch is available.
For ThingWorx Kepware Server, restrict access to the vulnerable module to minimize the risk of exploitation.
For ThingWorx Industrial Connectivity, avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved.
For OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Heap Based Buffer Overflow
Related identifiers
Affected products
Ge Digital Industrial Gateway Server
Kepserverex
Rockwell Automation Kepserver Enterprise
Software Toolbox Top Server
Thingworx Industrial Connectivity
Thingworx Kepware Edge
Thingworx Kepware Server