CVE-2023-5909

HIGH 7.5

Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

CWE	CWE-297
Vendor	ptc
Product	kepserverex
Published	Nov 30, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for ptc kepserverex

Be the first to know when new high vulnerabilities affecting ptc kepserverex are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

PTC / KEPServerEX

0 ≤ 6.14.263.0

PTC / ThingWorx Kepware Server

0 ≤ 6.14.263.0

PTC / ThingWorx Industrial Connectivity

All versions

PTC / OPC-Aggregator

0 ≤ 6.14

PTC / ThingWorx Kepware Edge

0 ≤ 1.7

Rockwell Automation / KEPServer Enterprise

0 ≤ 6.14.263.0

GE Gigital / Industrial Gateway Server

0 ≤ 7.614

Software Toolbox / TOP Server

0 ≤ 6.14.263.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03

Credits

Shawn Hoffman