CVE-2023-0755 Vulnerability Details

  /     /     /  

CVE-2023-0755 Metadata Quick Info

CVE Published: 23/02/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: icscert | Vendor: PTC | Product: ThingWorx Edge C-SDK
Status : PUBLISHED

---

CVE-2023-0755 Description

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-129
CWE Name: CWE-129 Improper Validation of Array Index
Source: PTC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).