Lucene search
DragosCVELIST:CVE-2023-29445HistoryJan 10, 2024 - 8:17 p.m.
CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
2024-01-1020:17:12
CWE-427
Dragos
www.cve.org
cve-2023-29445
uncontrolled search path
kepware kepserverex
privilege escalation
dll hijacking
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
0.4%
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
]Related
cve
cve
CVE-2023-29445
2024-01-10 21:15:08
nvd
nvd
CVE-2023-29445
2024-01-10 21:15:08
prion
prion
Path traversal
2024-01-10 21:15:00
ics
ics
PTC Kepware KepServerEX (Update A)
2023-10-12 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
0.4%
Related for CVELIST:CVE-2023-29445