CVE-2023-0755
Published: 23 February 2023
Summary
CVE-2023-0755 is a critical-severity Improper Validation of Array Index (CWE-129) vulnerability in Ge Digital Industrial Gateway Server. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 7.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-0755 is an improper array index validation vulnerability, tracked under CWE-129, that affects certain unspecified industrial control system products. The flaw carries a CVSS 3.1 base score of 9.8 and can cause the server to crash or permit remote arbitrary code execution.
An unauthenticated attacker can exploit the issue over the network without user interaction or credentials, resulting in complete loss of confidentiality, integrity, and availability on the affected system.
The associated CISA advisory ICSA-23-054-01 outlines mitigation steps for the impacted products. The EPSS score has remained flat at 0.0818 since disclosure, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12773
Vulnerability details
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.