Serial number: AV23-112
Date: February 23, 2023
On February 23, 2023, ICS-CERT published an ICS Advisory to address vulnerabilities in the following products:
- ThingWorx Edge C-SDK – version 2.2.12.1052 and prior
- .NET-SDK – version 5.8.4.971 and prior
- ThingWorx Edge MicroServer (EMS) – version 5.4.10.0 and prior
- Kepware KEPServerEX – version 6.12 and prior
- ThingWorx Kepware Server – version 6.12 and prior
- ThingWorx Industrial Connectivity – all versions
- ThingWorx Kepware Edge – version 1.5 and prior
- Rockwell Automation KEPServer Enterprise – version 6.12 and prior
- GE Digital Industrial Gateway Server – version 7.612 and prior
Exploitation of these vulnerabilities could result in denial of service and remote code execution.
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.