cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

KEPServerEX 6.14.263.0 was flagged by the security team for vulnerabilities

Go to solution
Tanquen
6-Contributor
6-Contributor
‎May 01, 2024 11:17 AM
‎May 01, 2024 11:17 AM

KEPServerEX 6.14.263.0 was flagged by the security team for vulnerabilities

We installed KEPServerEX 6.14.263.0 on a customers VM last year and they now say it's getting flagged by their antivirus software. Not sure what they are using but wondering how often this happens and if installing the latest version will help?

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
cmorehead
11-Garnet
11-Garnet
(To:Tanquen)
‎May 02, 2024 01:40 PM
‎May 02, 2024 01:40 PM

@Tanquen 

 

Please take a look at the Kepware knowledge base article in the following link.   It shows the vulnerability you have mentioned was recognized and addressed in the latest release of KEPServerEX (v6.15)

 

Article - CS397286 - Security vulnerability identified in PTC Kepware Products - CVE-2023-3825

 

Thanks,

 

*Chris

View solution in original post

0 Kudos
Notify Moderator
5 REPLIES 5
SlidingDownhill
9-Granite
9-Granite
(To:Tanquen)
‎May 01, 2024 11:24 AM
‎May 01, 2024 11:24 AM

I have zero idea if this is related - you would have to provide more details regarding exactly what CVE the AV is flagging, But I have an unrelated software package I have to update yearly that I can't download this year because Sophos AV targets the following GIF vulnerability contained in the package. 

https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-056?redirectedfrom=MSDN

 

The odd part is that this vulnerability is from 2013 so why has it not been flagged by my AV till now? 

No idea if this helps, but at least you are not alone  

0 Kudos
Notify Moderator
Tanquen
6-Contributor
6-Contributor
(To:SlidingDownhill)
‎May 01, 2024 01:13 PM
‎May 01, 2024 01:13 PM

This is the vulnerability they flagged.

 

CVE-2023-3825 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Description
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.

 

cpe:2.3:a:kepware:kepserverex:*:*:*:*:*:*:*:*
Show Matching CPE(s) From (including)
6.0.0 Up to (including)
6.14.263

 

So maybe fixed in 6.15?

0 Kudos
Notify Moderator
cmorehead
11-Garnet
11-Garnet
(To:Tanquen)
‎May 02, 2024 01:40 PM
‎May 02, 2024 01:40 PM

@Tanquen 

 

Please take a look at the Kepware knowledge base article in the following link.   It shows the vulnerability you have mentioned was recognized and addressed in the latest release of KEPServerEX (v6.15)

 

Article - CS397286 - Security vulnerability identified in PTC Kepware Products - CVE-2023-3825

 

Thanks,

 

*Chris

0 Kudos
Notify Moderator
Tanquen
6-Contributor
6-Contributor
(To:cmorehead)
‎May 02, 2024 02:38 PM
‎May 02, 2024 02:38 PM

I did find that they say it is fixed in 6.15. Sorry I did not get back here with that info.

 

How many versions is the KEPServerEX license good for? If you buy a license for v6.14 can you install anything up to v7?

0 Kudos
Notify Moderator
cmorehead
11-Garnet
11-Garnet
(To:Tanquen)
‎May 02, 2024 04:45 PM
‎May 02, 2024 04:45 PM

@Tanquen

 

 licenses are renewed on a yearly basis. If the license is not renewed, then the license will only be eligible for versions of the software that were released prior to the expiration date. 

 

Thanks,

*Chris 

0 Kudos
Notify Moderator
Top Tags