Vulnerabilities > PTC > Thingworx Industrial Connectivity > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-5908 Classic Buffer Overflow vulnerability in multiple products
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
network
low complexity
ptc softwaretoolbox ge rockwellautomation CWE-120
critical
9.1
2023-03-29 CVE-2022-2848 Heap-based Buffer Overflow vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge CWE-122
critical
9.1
2023-03-29 CVE-2022-2825 Stack-based Buffer Overflow vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge CWE-121
critical
9.8
2023-02-23 CVE-2023-0755 Improper Validation of Array Index vulnerability in multiple products
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge CWE-129
critical
9.8
2023-02-23 CVE-2023-0754 Integer Overflow or Wraparound vulnerability in multiple products
The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge CWE-190
critical
9.8