CVE-2023-5909

Name of the Vulnerable Software and Affected Versions KEPServerEX (affected versions not specified) ThingWorx Kepware Server (affected versions not specified) ThingWorx Industrial Connectivity (affected versions not specified) OPC-Aggregator (affected versions not specified) ThingWorx Kepware Edge (affected versions not specified) Rockwell Automation KEPServer Enterprise (affected versions not specified) GE Digital Industrial Gateway Server (affected versions not specified) Software Toolbox TOP Server (affected versions not specified)

Description The issue is related to errors in the certificate authentication procedure, which may allow unauthenticated users to connect. Exploitation of this issue could enable a remote attacker to bypass certificate policy checks.

Recommendations For KEPServerEX, consider disabling certificate validation until a proper fix is available. For ThingWorx Kepware Server, restrict access to sensitive areas of the server to minimize the risk of exploitation. For ThingWorx Industrial Connectivity, avoid using the vulnerable authentication mechanism until the issue is resolved. For OPC-Aggregator, as a temporary workaround, consider implementing additional authentication measures to mitigate the risk. For ThingWorx Kepware Edge, restrict access to the Edge server to prevent potential exploitation. For Rockwell Automation KEPServer Enterprise, consider applying configuration changes to enhance security and prevent exploitation. For GE Digital Industrial Gateway Server, avoid using the affected server for critical operations until the issue is fixed. For Software Toolbox TOP Server, consider disabling the vulnerable component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.