ICSA-23-243-03  ·  Published 2023-10-12

PTC Kepware KepServerEX (Update A)

CVSS 6.3 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes and credentials.

Remediations

  • PTC is aware of these vulnerabilities and is developing patches to address them. PTC expects these issues to be addressed by November 2023. This advisory will be updated when these patches are ready.
  • PTC recommends users follow the directions in the secure configuration documentation.
  • Users are encouraged to refer to PTC's security advisory on these vulnerabilities for more information.

Affected Vendors

PTC

Affected Products (3)

PTC · Kepware KepServerEX <=6.14.263.0
PTC · ThingWorx Kepware Server <=6.14.263.0
PTC · ThingWorx Industrial Connectivity >=8.0, <=8.5

Affected Sectors

Critical Manufacturing
