CVE-2022-25251 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated...

CVE-2022-25252 PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticat...

CVE-2022-25250 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to sh...

CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...

CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...

CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials

Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVE-2022-25247 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function

Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and...

Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150...

CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

CISA has released an Industrial Controls Systems Advisory ICSA, detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change...

PTC Axeda agent 访问控制错误漏洞

PTC Axeda agent is an agent software from PTC. An access control error vulnerability exists in PTC Axeda agent that allows a remote, unauthenticated attacker to read and modify the configuration of an affected product...

PTC Axeda agent 信息泄露漏洞

PTC Axeda agent is an agent software from PTC. An information disclosure vulnerability exists in the PTC Axeda agent that could allow an unauthenticated, remote attacker to gain file system read privileges via a web server...