96 matches found
CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...
CVE-2023-29444 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...
The software vulnerabilities of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server allow attackers to execute arbitrary code or cause service failures.
The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the execution of operations outside the buffer in memory. Exploiting these...
The software of Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server is vulnerable, allowing a attacker to cause service failures.
The vulnerabilities of the Kepware KEPServerEX, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell Automation KEPServer Enterprise, and GE Digital Industrial Gateway Server software-related programs are related to the use of memory after it is freed. Exploiting these vulnerabilities can...
The vulnerabilities of the OPC-server software products such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are related to errors in the certificate validation process. These vulnerabilities allow attackers to bypass the certificate validation checks.
The vulnerabilities of the OPC-server software products such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are...
The vulnerabilities of the OPC-server software programs such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are related to the possibility of buffer overflows in dynamic memory. This allows attackers to access protected information or cause service failures.
The vulnerabilities of the OPC-server software products such as KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, ThingWorx Kepware Edge, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server, and Software Toolbox TOP Server are...
The vulnerability of Kepware KEPServerEX and ThingWorkx Kepware Server software lies in the uncontrolled element of the search path, allowing a attacker to replace the installer with an arbitrary DLL library.
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a attacker to replace the installer with a program that uses arbitrary DLL libraries...
The vulnerability of Kepware KEPServerEX and Kepware Server’s software lies in the insufficient protection of registration data, allowing attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, related to an uncontrolled element in the search process, allows a hacker to increase privileges within the system and load any desired DLL library.
The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to increase their privileges within the system and load any desired DLL libraries...
The vulnerability of Kepware OPC-server software from Kepware KEPServerEX and ThingWorkx Kepware Server lies in the insufficient validation of input data, allowing attackers to access confidential information.
The vulnerability of the OPC-server software from Kepware, KEPServerEX, and ThingWorkx Kepware Server, lies in insufficient validation of input data. Exploiting this vulnerability can allow attackers to access confidential information by loading any arbitrary project file...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KepServerEX 6.14.263.0 and prior versions, which originates from a locally authenticated attacker who can escalate privileges to administrator by...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and prior versions, which stems from the Web server's use of basic authentication to protect user credentials, and can be...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and earlier versions, which stems from the vulnerability of KEPServerEX's installer to DLL search order hijacking, which could...
PTC Kepware KepServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...
PT-2023-5235 · Kepware +1 · Kepserverex +1
Name of the Vulnerable Software and Affected Versions: KEPServerEX versions affected versions not specified ThingWorx Kepware Server versions affected versions not specified Description: The issue is related to an uncontrolled search path element vulnerability, also known as DLL hijacking. This...
PT-2023-5234 · Kepware +1 · Kepserverex +1
Name of the Vulnerable Software and Affected Versions: KEPServerEX versions affected versions not specified ThingWorx Kepware Server versions affected versions not specified Description: The issue is related to an uncontrolled search path element, which could allow a locally authenticated adversa...
PTC Kepware KEPServerEX 缓冲区错误漏洞
PTC Kepware KEPServerEX is an industrial automation data connectivity solution u200bu200b from PTC Corporation. A buffer error vulnerability exists in PTC Kepware KEPServerEX versions 6.0 through 6.14.263, which stems from the vulnerability of being easily forced to read recursively defined...
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...