What is CVE-2023-5908?

CVE-2023-5908 is a critical-severity vulnerability in Ge Gigital Industrial Gateway Server, classified under Heap-based Buffer Overflow. CVSS score: 9.1/10. Published 2023-11-30.

How severe is CVE-2023-5908?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Buffer overflow in Ge Gigital Industrial Gateway Server

CVE-2023-5908

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.

Vulnerability class: Buffer Overflow

EPSS: 0.000 (10.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Affected products

Ge Gigital Industrial Gateway Server — versions 0
Ptc Kepserverex — versions 0
Ptc Opc-aggregator — versions 0
Ptc Thingworx Industrial Connectivity — versions All versions
Ptc Thingworx Kepware Edge — versions 0
Ptc Thingworx Kepware Server — versions 0
Rockwell Automation Kepserver Enterprise — versions 0
Software Toolbox Top Server — versions 0

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 (government-resource)

Frequently asked questions

What is CVE-2023-5908?: CVE-2023-5908 is a critical-severity vulnerability in Ge Gigital Industrial Gateway Server, classified under Heap-based Buffer Overflow. CVSS score: 9.1/10. Published 2023-11-30.
How severe is CVE-2023-5908?: Critical severity. CVSS v3 base score is 9.1 out of 10.