Becolve Digital
Select Page

KEPserverEX Vulnerabilities

KEPserverEX has announced vulnerabilities in some of its products that could cause a HEAP-based buffer overflow CWE-22 (CVE-2023-5908) and incorrect certificate validation with Host mismatch CWE-297 (...

Iria Diéguez
Content Manager
Blog cover

KEPserverEX has announced vulnerabilities in some of its products that could cause a HEAP-based buffer overflow CWE-22 (CVE-2023-5908) and incorrect certificate validation with Host mismatch CWE-297 (CVE-2023-5909).
If successfully exploited, attackers could gain code execution at the Windows system level and cause product blocking, sensitive information leakage, or connection without proper authentication.

Affected Products

  • KEPServerEX: v6.14.263.0 and earlier.
  • ThingWorx Kepware Server: v6.14.263.0 and earlier.
  • ThingWorx Industrial Connectivity: all versions.
  • OPC-Aggregator: v6.14 and earlier.
  • ThingWorx Kepware Edge: v1.7 and earlier.
  • Rockwell Automation KEPServer Enterprise: v6.14.263.0 and earlier.
  • GE Digital Industrial Gateway Server: v7.614 and earlier.
  • Software Toolbox TOP Server: v6.14.263.0 and earlier.

Is there a Solution?

Of course! Just update the affected software on those nodes to the latest versions as soon as possible:

  • KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity and OPC-Aggregator: to v6.15 (or later). Remember that KEPServerEX has recently released this latest version with significant security improvements.
  • ThingWorx Kepware Edge: to v1.8 or later.

Anticipate Future Attacks

Installing the latest versions remedies the current security breach, but with technologies expanding more and more, nothing assures you of saving future threats to your portfolio in general.
Given this and so that nothing escapes you, we advise you to take preventive measures that mitigate unnecessary risks, such as:

  • Minimize network exposure for all devices and/or systems in the control center, ensuring that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • Use a secure remote access (such as a properly updated VPN).

Prior to implementing these measures, perform an impact analysis and risk assessment to understand your particular needs, with your operating environment, architecture, and product implementation in the equation.

Related articles