KEPServerEX 6.14.263.0 was flagged by the security team for vulnerabilities

Forum|Forum|1 year ago
May 1, 2024
1 reply
1739 views

We installed KEPServerEX 6.14.263.0 on a customers VM last year and they now say it's getting flagged by their antivirus software. Not sure what they are using but wondering how often this happens and if installing the latest version will help?

Best answer by cmorehead

@Tanquen

Please take a look at the Kepware knowledge base article in the following link. It shows the vulnerability you have mentioned was recognized and addressed in the latest release of KEPServerEX (v6.15)

Article - CS397286 - Security vulnerability identified in PTC Kepware Products - CVE-2023-3825

Thanks,

*Chris

S

SlidingDownhill

12-Amethyst

I have zero idea if this is related - you would have to provide more details regarding exactly what CVE the AV is flagging, But I have an unrelated software package I have to update yearly that I can't download this year because Sophos AV targets the following GIF vulnerability contained in the package.

https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-056?redirectedfrom=MSDN

The odd part is that this vulnerability is from 2013 so why has it not been flagged by my AV till now?

No idea if this helps, but at least you are not alone 🙂

T

Tanquen

Author

12-Amethyst

This is the vulnerability they flagged.

CVE-2023-3825 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Description
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.

cpe:2.3:a:kepware:kepserverex:*:*:*:*:*:*:*:*
Show Matching CPE(s) From (including)
6.0.0 Up to (including)
6.14.263

So maybe fixed in 6.15?

C

cmorehead

Answer

13-Aquamarine

@Tanquen

Please take a look at the Kepware knowledge base article in the following link. It shows the vulnerability you have mentioned was recognized and addressed in the latest release of KEPServerEX (v6.15)

Article - CS397286 - Security vulnerability identified in PTC Kepware Products - CVE-2023-3825

Thanks,

*Chris

CVE-2023-3825 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded