{"id":58938,"date":"2025-09-26T10:39:55","date_gmt":"2025-09-26T10:39:55","guid":{"rendered":"https:\/\/becolve.com\/blog\/kepserverex-vulnerabilities\/"},"modified":"2025-09-26T10:39:55","modified_gmt":"2025-09-26T10:39:55","slug":"kepserverex-vulnerabilities","status":"publish","type":"blog","link":"https:\/\/becolve.com\/en\/blog\/kepserverex-vulnerabilities\/","title":{"rendered":"KEPServerEX Vulnerabilities"},"content":{"rendered":"<p>KEPServerEX has announced vulnerabilities in some of its products that could cause a <strong>heap-based buffer overflow CWE-22 (CVE-2023-5908)<\/strong> and <strong>incorrect certificate validation with host mismatch CWE-297 (CVE-2023-5909).<\/strong><br \/>\nIf successfully exploited, attackers could gain code execution at the Windows system level and cause product blocking, sensitive information leakage, or connection without proper authentication.<\/p>\n<h4>Affected Products<\/h4>\n<ul>\n<li><strong>KEPServerEX<\/strong>: v6.14.263.0 and earlier.<\/li>\n<li><strong>ThingWorx Kepware Server<\/strong>: v6.14.263.0 and earlier.<\/li>\n<li><strong>ThingWorx Industrial Connectivity<\/strong>: all versions.<\/li>\n<li><strong>OPC-Aggregator<\/strong>: v6.14 and earlier.<\/li>\n<li><strong>ThingWorx Kepware Edge<\/strong>: v1.7 and earlier.<\/li>\n<li><strong>Rockwell Automation KEPServer Enterprise<\/strong>: v6.14.263.0 and earlier.<\/li>\n<li><strong>GE Digital Industrial Gateway Server<\/strong>: v7.614 and earlier.<\/li>\n<li><strong>Software Toolbox TOP Server<\/strong>: v6.14.263.0 and earlier.<\/li>\n<\/ul>\n<h4>Is there a Solution?<\/h4>\n<p>Of course! Just update the affected software on those nodes to the latest versions as soon as possible:<\/p>\n<ul>\n<li><strong>KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity and OPC-Aggregator<\/strong>: to v6.15 (or later). 
Remember that KEPServerEX recently released this latest version with <a href=\"https:\/\/becolve.com\/blog\/kepserverex-v-6-15\/\">significant security improvements<\/a>. <\/li>\n<li><strong>ThingWorx Kepware Edge<\/strong>: to v1.8 or later.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"contenida alignnone wp-image-26911 size-full\" src=\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/12\/kepware-V-6.15-1.png\" width=\"600\" height=\"292\" srcset=\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/12\/kepware-V-6.15-1.png 600w, https:\/\/becolve.com\/wp-content\/uploads\/2023\/12\/kepware-V-6.15-1-480x234.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 600px, 100vw\" \/><\/p>\n<h4>Anticipate Future Attacks<\/h4>\n<p>Installing the latest versions closes the current security gap, but as technologies keep expanding, nothing guarantees that your portfolio as a whole will be safe from future threats.<br \/>\nWith that in mind, and so that nothing catches you off guard, we advise taking preventive measures that mitigate unnecessary risks, such as:<\/p>\n<ul>\n<li><strong>Minimize network exposure<\/strong> for all devices and\/or systems in the control center, ensuring that they are not accessible from the Internet.<\/li>\n<li>Locate control system networks and remote devices behind firewalls and isolate them from business networks.<\/li>\n<li>Use <strong>secure remote access<\/strong> methods (such as a properly updated <strong>VPN<\/strong>).<\/li>\n<\/ul>\n<p>Prior to implementing these measures, perform an impact analysis and <a href=\"https:\/\/becolve.com\/en\/?post_type=soluciones&#038;p=56429\">risk assessment<\/a> to understand your particular needs, taking your operating environment, architecture, and product implementation into account.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>KEPServerEX has announced vulnerabilities in some of its products that could cause a heap-based buffer overflow CWE-22 
(CVE-2023-5908) and incorrect certificate validation with Host mismatch CWE-297 (CVE-2023-5909). If successfully exploited, attackers could gain code execution at the Windows system level and cause product blocking, sensitive information leakage, or connection without proper authentication. Affected Products KEPServerEX: [&hellip;]<\/p>\n","protected":false},"author":38,"featured_media":58939,"menu_order":0,"template":"","categories":[1335,1371,1359,1336],"tags":[],"arquitectura":[1843,1839],"area":[1333,1334],"sector":[1339,1337,1341,1350,1349,1344,1342,1343,1351,1348,1345,1340,1347,1346,1338],"experto":[],"weborigen":[],"productos-tax":[140],"soluciones-tax":[1386,1375],"marcas-tax":[383],"coauthors":[425],"class_list":["post-58938","blog","type-blog","status-publish","has-post-thumbnail","hentry","category-communications","category-cybersecurity","category-digital-evolution","category-it-ot-integration","arquitectura-industrial-communications","arquitectura-industrial-cybersecurity","area-industrial","area-infrastructure","sector-airports","sector-automotive","sector-chemicals-and-cosmetics","sector-data-center","sector-energy","sector-fb","sector-facility-management","sector-oem","sector-packaging","sector-pharma","sector-ports","sector-smart-city","sector-transport-and-mobility","sector-tunnels","sector-waters","productos-tax-kepserverex","soluciones-tax-communication-drivers","soluciones-tax-communication-hub","marcas-tax-kepware"],"acf":[],
"yoast_head_json":{"title":"KEPserverEX Vulnerabilities | Becolve Digital","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/becolve.com\/en\/blog\/kepserverex-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"KEPserverEX Vulnerabilities | Becolve Digital","og_description":"KEPserverEX has announced vulnerabilities in some of its products that could cause a HEAP-based buffer overflow CWE-22 (CVE-2023-5908) and incorrect certificate validation with Host mismatch CWE-297 (CVE-2023-5909). If successfully exploited, attackers could gain code execution at the Windows system level and cause product blocking, sensitive information leakage, or connection without proper authentication. Affected Products KEPServerEX: [&hellip;]","og_url":"https:\/\/becolve.com\/en\/blog\/kepserverex-vulnerabilities\/","og_site_name":"Becolve Digital","og_image":[{"width":1000,"height":622,"url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/12\/Vulnerabilidades-KEPserverEX.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@Logitek_es","twitter_misc":{"Est. 
reading time":"1 minute","Written by":"Iria Di\u00e9guez"}}}