
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-6098 is a vulnerability affecting PTC Kepware ThingWorx Kepware Server and related products that communicate using the ControlLogix protocol. The vulnerability was disclosed on August 15, 2024, and affects multiple product versions including PTC Kepware ThingWorx Kepware Server V6, PTC Kepware KEPServerEX V6, Software Toolbox TOP Server V6, and GE IGS V7.6x (CISA Advisory).
The vulnerability is classified as an Allocation of Resources Without Limits or Throttling (CWE-770) issue. When performing online tag generation to devices using the ControlLogix protocol, a machine-in-the-middle or incorrectly configured device could trigger unrestricted resource allocation. The vulnerability has received a CVSS v3.1 base score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, and a CVSS v4.0 score of 5.9 (MEDIUM) (CISA Advisory).
Successful exploitation of this vulnerability could lead to a denial-of-service condition and crash the Kepware application. While these functions are turned off by default, they remain accessible for users who require their functionality (CISA Advisory).
PTC recommends implementing a defense-in-depth approach for manufacturing networks and ensuring proper access control. Users should follow the Kepware Secure Deployment Guide for accurate configuration. CISA recommends minimizing network exposure for control system devices, locating control system networks behind firewalls, isolating them from business networks, and using secure methods like VPNs when remote access is required (CISA Advisory).
The vulnerability was discovered and reported by Sharon Brizinov and Vera Mens of Claroty Research - Team82 (CISA Advisory).
Source: This report was generated using AI