Cyber Resilience

CVE-2023-0754

Critical

Published: 23 February 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0072 (72.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-0754 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in GE Digital Industrial Gateway Server. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 27.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.

CWE(s)

CWE-190: Integer Overflow or Wraparound

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor              Product                             Affected versions
ge                  digital industrial gateway server   ≤ 7.612
ptc                 kepware server                      ≤ 6.12
ptc                 kepware serverex                    ≤ 6.12
ptc                 thingworx .net-sdk                  ≤ 5.8.4.971
ptc                 thingworx edge c-sdk                ≤ 2.2.12.1052
ptc                 thingworx edge microserver          ≤ 5.4.10.0
ptc                 thingworx industrial connectivity   all versions
ptc                 thingworx kepware edge              ≤ 1.5
rockwellautomation  kepserver enterprise                ≤ 6.12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.