Recent CVEs
CVE-2024-6098
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.
MEDIUM
Aug 16, 2024
CVE-2023-5909
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
HIGH
Nov 30, 2023
CVE-2023-5908
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
CRITICAL
Nov 30, 2023