Lucene search

IcscertCVELIST:CVE-2022-25248

HistoryMar 16, 2022 - 2:03 p.m.

CVE-2022-25248 PTC Axeda agent and Axeda Desktop Server Information Exposure

2022-03-1614:03:32

CWE-200

icscert

www.cve.org

cve-2022-25248

axeda agent

axeda desktop server

information exposure

windows

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.

CNA Affected

[
  {
    "product": "Axeda agent",
    "vendor": "PTC",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  },
  {
    "product": "Axeda Desktop Server for Windows",
    "vendor": "PTC",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-067-01

www.ptc.com/en/support/article/CS363561

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Related for CVELIST:CVE-2022-25248