CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/102.html
• https://cwe.mitre.org/data/definitions/474.html
• https://cwe.mitre.org/data/definitions/50.html
• https://cwe.mitre.org/data/definitions/509.html
• https://cwe.mitre.org/data/definitions/551.html
• https://cwe.mitre.org/data/definitions/555.html
• https://cwe.mitre.org/data/definitions/560.html
• https://cwe.mitre.org/data/definitions/561.html
• https://cwe.mitre.org/data/definitions/600.html
• https://cwe.mitre.org/data/definitions/644.html
• https://cwe.mitre.org/data/definitions/645.html
• https://cwe.mitre.org/data/definitions/652.html
• https://cwe.mitre.org/data/definitions/653.html

References

• https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03
• https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/
• https://www.ptc.com/en/support/article/cs399528
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03
• https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/
• https://www.ptc.com/en/support/article/cs399528