CVE-2023-4296

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

Code injection

?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

PVS Target Device hangs/freezes when placed under isolation by Windows Defender

The PVS Target VM goes into a hung state...

No device licenses are currently available error when using Server OS Target Devices

PVS Target devices report"No device licenses are currently Available" Restarting the PVS targets will temporarily make the error go away but it will re-appear after a brief period Under Target Device properties the assigned license will be listed as "n/a" despite licenses being available In the P...

PVS target BSOD on CVhdMp.sys

The VMWare based PVS target boots from the vdisk to message "Attempting to set IP address on Boot NIC..." and 60 seconds later BSODs. The vdisk will boot successfully on the master target device, but not on other devices...

CVE-2022-24695

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...

PVS boot time message "Attempting to set IP address on Boot NIC.......complete after 51s."

Target devices show a boot time message "Attempting to set IP address on Boot NIC.......complete after 51s." This message was not observed in earlier versions of PVS target device software like PVS 1912...

How to troubleshoot PVS target device domain trust issue

Since both Citrix and Microsoft and 3rd party software can initiate changing password, sometimes the TD may lose domain trust. Reset machine password from PVS console can solve the issue, but sometimes we need to find out the root cause if too many TDs lose domain trust. This article aims to give...

Target device cannot access VDisk and boot, Event ID 11 seen on Provisioning server

Some or all target devices cannot access the VDisk at boot - the device will get a boot file but be unable to go further. On the PVS servers: Event id 11 from StreamProcess.exe is seen with the error detail:Detected one or more hung threads...

Low PVS boot throughput

A customer observed that PVS target device boot statistics, viewed in status tray tool, showed low throughput and a long boot time on existing target devices. Testing a new vdisk, minimal install with just PVS target device software and not domain joined, showed much quicker boot time and higher...

Tacitine Firewall EN6200 Command Injection Vulnerability

Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...

Buffer overflow

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

CVE-2022-31482 Denial-of-Service via internal structure overflow

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

Design/Logic Flaw

eProsima Fast DDS versions prior to 2.4.0 2269 are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure...

PVS - 1912 - Unable to boot TD. Error "Server [IP Address]:6930: vDisk file access permission denied."

Unable to boot Target Device. Error "Server IP Address:6930: vDisk file access permission denied."...

Permissions Required for Service Account to Reset Password of Target Device from PVS console

...

CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

Huawei iManager NetEco CSV Injection Vulnerability

Huawei Imanager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...

Huawei Imanager NetEco 代码注入漏洞

Huawei Imanager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...