26 matches found
EUVD-2022-35082
Malicious code in bioql PyPI...
EUVD-2022-35061
Malicious code in bioql PyPI...
CVE-2022-2825
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...
The software vulnerabilities of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server allow attackers to execute arbitrary code or cause service failures.
The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the execution of operations outside the buffer in memory. Exploiting these...
The vulnerability of Kepware KEPServerEX and Kepware Server’s software lies in the insufficient protection of registration data, allowing attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KepServerEX 6.14.263.0 and prior versions, which originates from a locally authenticated attacker who can escalate privileges to administrator by...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and earlier versions, which stems from the vulnerability of KEPServerEX's installer to DLL search order hijacking, which could...
PTC Kepware KepServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...
CVE-2022-2825
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2825
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2825
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2825
The CVE-2022-2825 issue affects Kepware KEPServerEX 6.11.718.0, with a stack-based buffer overflow in the handling of text encoding conversions caused by improper validation of the length of user-supplied data. It allows remote attackers to execute arbitrary code with SYSTEM privileges without au...
(Pwn2Own) Kepware KEPServerEX Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper...
PTC Kepware KEPServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...