Main Vulnerability Database SB2023120512

SB2023120512 - Multiple vulnerabilities in GE Digital Industrial Gateway Server

Published: December 5, 2023

Security Bulletin ID SB2023120512

Severity

High

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2023-5908)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack or leak information.

2) Improper validation of certificate with host mismatch (CVE-ID: CVE-2023-5909)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application does not properly validate certificates from clients. A remote attacker can connect to the application and gain access to sensitive information.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03