CVE-2023-0755

CRITICAL

GE Digital Industrial Gateway Server < 7.612 - Remote Code Execution via Array Index Validation

Title source: llm

Description

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01

Scores

CVSS v3 9.8

EPSS 0.0818

EPSS Percentile 92.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-129

Status published

Products (9)

ge/digital_industrial_gateway_server < 7.612

ptc/kepware_server < 6.12

ptc/kepware_serverex < 6.12

ptc/thingworx_.net-sdk < 5.8.4.971

ptc/thingworx_edge_c-sdk < 2.2.12.1052

ptc/thingworx_edge_microserver < 5.4.10.0

ptc/thingworx_industrial_connectivity

ptc/thingworx_kepware_edge < 1.5

rockwellautomation/kepserver_enterprise < 6.12

Published Feb 23, 2023

Tracked Since Feb 18, 2026