CVE-2023-0755 - Vulnerability Details - OpenCVE

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Ge	Digital Industrial Gateway Server
Ptc	Kepware Server Kepware Serverex Thingworx .net-sdk Thingworx Edge C-sdk Thingworx Edge Microserver Thingworx Industrial Connectivity Thingworx Kepware Edge
Rockwellautomation	Kepserver Enterprise

Configuration 1 [-]

OR	cpe:2.3:a:ge:digital_industrial_gateway_server::::::::
	cpe:2.3:a:ptc:kepware_server::::::::
	cpe:2.3:a:ptc:kepware_serverex::::::::
	cpe:2.3:a:ptc:thingworx_.net-sdk::::::::
	cpe:2.3:a:ptc:thingworx_edge_c-sdk::::::::
	cpe:2.3:a:ptc:thingworx_edge_microserver::::::::
	cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_edge::::::::
	cpe:2.3:a:rockwellautomation:kepserver_enterprise::::::::

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-02-23T21:23:19.210Z

Updated: 2025-01-16T21:55:52.537Z

Reserved: 2023-02-08T20:21:34.258Z

Link: CVE-2023-0755

Vulnrichment

Updated: 2024-08-02T05:24:34.155Z

NVD

Status : Modified

Published: 2023-02-23T22:15:11.427

Modified: 2024-11-21T07:37:45.493

Link: CVE-2023-0755

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0755", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-02-08T20:21:34.258Z", "datePublished": "2023-02-23T21:23:19.210Z", "dateUpdated": "2025-01-16T21:55:52.537Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThingWorx Edge C-SDK", "vendor": "PTC", "versions": [{"lessThanOrEqual": "v2.2.12.1052 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": ".NET-SDK", "vendor": "Microsoft", "versions": [{"lessThanOrEqual": "v5.8.4.971 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ThingWorx Edge MicroServer (EMS)", "vendor": "PTC", "versions": [{"lessThanOrEqual": "v5.4.10.0 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Kepware KEPServerEX", "vendor": "PTC", "versions": [{"lessThanOrEqual": "v6.12 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ThingWorx Kepware Server ", "vendor": "PTC", "versions": [{"lessThanOrEqual": "v6.12 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ThingWorx Industrial Connectivity", "vendor": "PTC", "versions": [{"status": "affected", "version": "All Versions "}]}, {"defaultStatus": "unaffected", "product": "ThingWorx Kepware Edge", "vendor": "PTC", "versions": [{"lessThanOrEqual": "v1.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "KEPServer Enterprise ", "vendor": "Rockwell Automation ", "versions": [{"lessThanOrEqual": "v6.12", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digital Industrial Gateway Server ", "vendor": "General Electric ", "versions": [{"lessThanOrEqual": "v7.612", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA."}], "datePublic": "2023-02-23T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.</span>\n\n"}], "value": "\nThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-23T21:23:19.210Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>PTC has released the following resolutions:</p>\n\n<p>Update the impacted product to the latest version:</p>\n\n<p>\u00b7        \nThingWorx Edge C-SDK: 3.0.0 or later.</p>\n\n<p>\u00b7        \nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.</p>\n\n<p>\u00b7        \n.NET-SDK: v5.8.5 or later.</p>\n\n<p>For Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is <b>not</b> enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:</p>\n\n<p>\u00b7        \nKepware KEPServerEX: v6.13 or later.</p>\n\n<p>\u00b7        \nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.</p>\n\n<p>\u00b7        \nThingWorx Kepware Edge: v1.6 or later.</p>\n\n<p>The following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: </p>\n\n<p>\u00b7        \nRockwell Automation KEPServer Enterprise: v6.13\nor later.</p>\n\n<p>\u00b7        \nGE Digital Industrial Gateway Server: v7.613 or\nlater.</p>\n\n<p>For\nmore information see PTC\u2019s <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS385715\">Customer Support Article\n</a>.</p>\n\n\n\n\n\n<br>"}], "value": "PTC has released the following resolutions:\n\n\n\nUpdate the impacted product to the latest version:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge C-SDK: 3.0.0 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\n.NET-SDK: v5.8.5 or later.\n\n\n\nFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is not enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nKepware KEPServerEX: v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Edge: v1.6 or later.\n\n\n\nThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\n\n\n\nFor\nmore information see PTC\u2019s Customer Support Article\n.\n\n\n\n\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.155Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:59:08.379075Z", "id": "CVE-2023-0755", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:55:52.537Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.155Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0755", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-16T20:59:08.379075Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:59:09.871Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Chris Anastasio and Steven Seeley of Incite Team reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PTC", "product": "ThingWorx Edge C-SDK", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v2.2.12.1052 "}], "defaultStatus": "unaffected"}, {"vendor": "Microsoft", "product": ".NET-SDK", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v5.8.4.971 "}], "defaultStatus": "unaffected"}, {"vendor": "PTC", "product": "ThingWorx Edge MicroServer (EMS)", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v5.4.10.0 "}], "defaultStatus": "unaffected"}, {"vendor": "PTC", "product": "Kepware KEPServerEX", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.12 "}], "defaultStatus": "unaffected"}, {"vendor": "PTC", "product": "ThingWorx Kepware Server ", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.12 "}], "defaultStatus": "unaffected"}, {"vendor": "PTC", "product": "ThingWorx Industrial Connectivity", "versions": [{"status": "affected", "version": "All Versions "}], "defaultStatus": "unaffected"}, {"vendor": "PTC", "product": "ThingWorx Kepware Edge", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v1.5"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation ", "product": "KEPServer Enterprise ", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.12"}], "defaultStatus": "unaffected"}, {"vendor": "General Electric ", "product": "Digital Industrial Gateway Server ", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v7.612"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "PTC has released the following resolutions:\n\n\n\nUpdate the impacted product to the latest version:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge C-SDK: 3.0.0 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\n.NET-SDK: v5.8.5 or later.\n\n\n\nFor Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is not enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nKepware KEPServerEX: v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nThingWorx Kepware Edge: v1.6 or later.\n\n\n\nThe following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: \n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nRockwell Automation KEPServer Enterprise: v6.13\nor later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGE Digital Industrial Gateway Server: v7.613 or\nlater.\n\n\n\nFor\nmore information see PTC\u2019s Customer Support Article\n.\n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>PTC has released the following resolutions:</p>\n\n<p>Update the impacted product to the latest version:</p>\n\n<p>\u00b7        \nThingWorx Edge C-SDK: 3.0.0 or later.</p>\n\n<p>\u00b7        \nThingWorx Edge MicroServer (EMS): v5.4.11 or\nlater.</p>\n\n<p>\u00b7        \n.NET-SDK: v5.8.5 or later.</p>\n\n<p>For Kepware products, the vulnerability is mitigated if the\nThingWorx Interface is <b>not</b> enabled. To use the ThingWorx Interface\nwithout the vulnerability, update to the latest version of the product:</p>\n\n<p>\u00b7        \nKepware KEPServerEX: v6.13 or later.</p>\n\n<p>\u00b7        \nThingWorx Kepware Server (formerly ThingWorx\nIndustrial Connectivity): v6.13 or later.</p>\n\n<p>\u00b7        \nThingWorx Kepware Edge: v1.6 or later.</p>\n\n<p>The following products should be upgraded as indicated or in\naccordance with the applicable organization\u2019s recommendations if the ThingWorx\nInterface is in use: </p>\n\n<p>\u00b7        \nRockwell Automation KEPServer Enterprise: v6.13\nor later.</p>\n\n<p>\u00b7        \nGE Digital Industrial Gateway Server: v7.613 or\nlater.</p>\n\n<p>For\nmore information see PTC\u2019s <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS385715\">Customer Support Article\n</a>.</p>\n\n\n\n\n\n<br>", "base64": false}]}], "datePublic": "2023-02-23T17:00:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-23T21:23:19.210Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0755", "state": "PUBLISHED", "dateUpdated": "2025-01-16T21:55:52.537Z", "dateReserved": "2023-02-08T20:21:34.258Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-02-23T21:23:19.210Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:digital_industrial_gateway_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4D9E061-4E5C-4390-916D-8AABE3523E16", "versionEndIncluding": "7.612", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A50F0395-983A-4261-9FE3-40762E5EC02F", "versionEndIncluding": "6.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_serverex:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7C3EDBB-FEB2-4BE7-A379-AF07F1BCD46D", "versionEndIncluding": "6.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_.net-sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "63EBD473-C1FD-4B90-BEB9-38488F6EC8A5", "versionEndIncluding": "5.8.4.971", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_edge_c-sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D82325D-070B-462B-B92F-34CC047D3340", "versionEndIncluding": "2.2.12.1052", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_edge_microserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "E860B82D-355A-4AB3-AA93-6B1D15A1B2D7", "versionEndIncluding": "5.4.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*", "matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*", "matchCriteriaId": "C16730F8-C263-478B-B286-9831FFF5A409", "versionEndIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5A51513-026A-43DA-9CB6-D5B68819CA47", "versionEndIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nThe affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.\n\n"}], "id": "CVE-2023-0755", "lastModified": "2024-11-21T07:37:45.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-23T22:15:11.427", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}