Lucene search

IcscertCVELIST:CVE-2022-25252

HistoryMar 08, 2022 - 12:00 a.m.

CVE-2022-25252 PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions

2022-03-0800:00:00

CWE-703

icscert

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.7%

JSON

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.

CNA Affected

[
  {
    "product": "Axeda agent",
    "vendor": "PTC",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  },
  {
    "product": "Axeda Desktop Server for Windows",
    "vendor": "PTC",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-067-01

www.ptc.com/en/support/article/CS363561

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVELIST:CVE-2022-25252