cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

KEPServerEX 6.14.263.0 was flagged by the security team for vulnerabilities

Tanquen
10-Marble

KEPServerEX 6.14.263.0 was flagged by the security team for vulnerabilities

We installed KEPServerEX 6.14.263.0 on a customers VM last year and they now say it's getting flagged by their antivirus software. Not sure what they are using but wondering how often this happens and if installing the latest version will help?

ACCEPTED SOLUTION

Accepted Solutions
cmorehead
12-Amethyst
(To:Tanquen)

@Tanquen 

 

Please take a look at the Kepware knowledge base article in the following link.   It shows the vulnerability you have mentioned was recognized and addressed in the latest release of KEPServerEX (v6.15)

 

Article - CS397286 - Security vulnerability identified in PTC Kepware Products - CVE-2023-3825

 

Thanks,

 

*Chris

View solution in original post

5 REPLIES 5

I have zero idea if this is related - you would have to provide more details regarding exactly what CVE the AV is flagging, But I have an unrelated software package I have to update yearly that I can't download this year because Sophos AV targets the following GIF vulnerability contained in the package. 

https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-056?redirectedfrom=MSDN

 

The odd part is that this vulnerability is from 2013 so why has it not been flagged by my AV till now? 

No idea if this helps, but at least you are not alone  

This is the vulnerability they flagged.

 

CVE-2023-3825 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Description
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.

 

cpe:2.3:a:kepware:kepserverex:*:*:*:*:*:*:*:*
Show Matching CPE(s) From (including)
6.0.0 Up to (including)
6.14.263

 

So maybe fixed in 6.15?

cmorehead
12-Amethyst
(To:Tanquen)

@Tanquen 

 

Please take a look at the Kepware knowledge base article in the following link.   It shows the vulnerability you have mentioned was recognized and addressed in the latest release of KEPServerEX (v6.15)

 

Article - CS397286 - Security vulnerability identified in PTC Kepware Products - CVE-2023-3825

 

Thanks,

 

*Chris

I did find that they say it is fixed in 6.15. Sorry I did not get back here with that info.

 

How many versions is the KEPServerEX license good for? If you buy a license for v6.14 can you install anything up to v7?

cmorehead
12-Amethyst
(To:Tanquen)

@Tanquen

 

 licenses are renewed on a yearly basis. If the license is not renewed, then the license will only be eligible for versions of the software that were released prior to the expiration date. 

 

Thanks,

*Chris 

Announcements


Top Tags