CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3825

PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.1%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2023-3825

Kepware » Kepserverex » Version: 6.0.0

cpe:2.3:a:kepware:kepserverex:6.0.0
Kepware » Kepserverex » Version: 6.0.2107.0

cpe:2.3:a:kepware:kepserverex:6.0.2107.0
Kepware » Kepserverex » Version: 6.0.2206.0

cpe:2.3:a:kepware:kepserverex:6.0.2206.0
Kepware » Kepserverex » Version: 6.0.2207.0

cpe:2.3:a:kepware:kepserverex:6.0.2207.0
Kepware » Kepserverex » Version: 6.1.601.0

cpe:2.3:a:kepware:kepserverex:6.1.601.0
Kepware » Kepserverex » Version: 6.1.655.0

cpe:2.3:a:kepware:kepserverex:6.1.655.0
Kepware » Kepserverex » Version: 6.10.623.0

cpe:2.3:a:kepware:kepserverex:6.10.623.0
Kepware » Kepserverex » Version: 6.10.659.0

cpe:2.3:a:kepware:kepserverex:6.10.659.0
Kepware » Kepserverex » Version: 6.11.718.0

cpe:2.3:a:kepware:kepserverex:6.11.718.0
Kepware » Kepserverex » Version: 6.14.263

cpe:2.3:a:kepware:kepserverex:6.14.263
Kepware » Kepserverex » Version: 6.2.429.0

cpe:2.3:a:kepware:kepserverex:6.2.429.0
Kepware » Kepserverex » Version: 6.2.460.0

cpe:2.3:a:kepware:kepserverex:6.2.460.0
Kepware » Kepserverex » Version: 6.2.506.0

cpe:2.3:a:kepware:kepserverex:6.2.506.0
Kepware » Kepserverex » Version: 6.2.507.0

cpe:2.3:a:kepware:kepserverex:6.2.507.0
Kepware » Kepserverex » Version: 6.3.273.0

cpe:2.3:a:kepware:kepserverex:6.3.273.0
Kepware » Kepserverex » Version: 6.3.279.0

cpe:2.3:a:kepware:kepserverex:6.3.279.0
Kepware » Kepserverex » Version: 6.3.305.0

cpe:2.3:a:kepware:kepserverex:6.3.305.0
Kepware » Kepserverex » Version: 6.3.306.0

cpe:2.3:a:kepware:kepserverex:6.3.306.0
Kepware » Kepserverex » Version: 6.4.321.0

cpe:2.3:a:kepware:kepserverex:6.4.321.0
Kepware » Kepserverex » Version: 6.4.405.0

cpe:2.3:a:kepware:kepserverex:6.4.405.0
Kepware » Kepserverex » Version: 6.4.406.0

cpe:2.3:a:kepware:kepserverex:6.4.406.0
Kepware » Kepserverex » Version: 6.5.829.0

cpe:2.3:a:kepware:kepserverex:6.5.829.0
Kepware » Kepserverex » Version: 6.5.850.0

cpe:2.3:a:kepware:kepserverex:6.5.850.0
Kepware » Kepserverex » Version: 6.6.348.0

cpe:2.3:a:kepware:kepserverex:6.6.348.0
Kepware » Kepserverex » Version: 6.6.350.0

cpe:2.3:a:kepware:kepserverex:6.6.350.0
Kepware » Kepserverex » Version: 6.6.362.0

cpe:2.3:a:kepware:kepserverex:6.6.362.0
Kepware » Kepserverex » Version: 6.7.1046.0

cpe:2.3:a:kepware:kepserverex:6.7.1046.0
Kepware » Kepserverex » Version: 6.7.1054.0

cpe:2.3:a:kepware:kepserverex:6.7.1054.0
Kepware » Kepserverex » Version: 6.7.1067.0

cpe:2.3:a:kepware:kepserverex:6.7.1067.0
Kepware » Kepserverex » Version: 6.8.796.0

cpe:2.3:a:kepware:kepserverex:6.8.796.0
Kepware » Kepserverex » Version: 6.8.838.0

cpe:2.3:a:kepware:kepserverex:6.8.838.0
Kepware » Kepserverex » Version: 6.8.875.0

cpe:2.3:a:kepware:kepserverex:6.8.875.0
Kepware » Kepserverex » Version: 6.9.572.0

cpe:2.3:a:kepware:kepserverex:6.9.572.0
Kepware » Kepserverex » Version: 6.9.584.0

cpe:2.3:a:kepware:kepserverex:6.9.584.0
Kepware » Kepserverex » Version: 6.9.636.0

cpe:2.3:a:kepware:kepserverex:6.9.636.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3825

Products

Pricing

Contact Us