Lucene search
+L

149 matches found

CVE
CVE
added 2024/08/27 12:0 a.m.61 views

CVE-2024-40395

CVE-2024-40395 : Concrete details across multiple connected sources confirm an Insecure Direct Object Reference (IDOR) in PT C ThingWorx v9.5.0 that lets an attacker view sensitive information, including PII, regardless of access level. The root cause is an IDOR in ThingWorx 9.5.0; impact is expo...

6.5CVSS6.5AI score0.00622EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/27 12:0 a.m.14 views

CVE-2024-40395

An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...

6.8AI score0.00622EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/16 2:57 p.m.23 views

CVE-2024-6098 PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling

When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service...

5.9CVSS7.2AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/16 2:57 p.m.26 views

CVE-2024-6098 PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling

When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service...

5.9CVSS0.004EPSS
Exploits0References2
ICS
ICS
added 2024/08/15 6:0 a.m.19 views

PTC Kepware ThingWorx Kepware Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION : Exploitable from adjacent network. Vendor : PTC Equipment : Kepware ThingWorx Kepware Server Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...

5.9CVSS5.5AI score0.004EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/06/27 11:5 p.m.29 views

CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server...

10CVSS8AI score0.01118EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/27 11:5 p.m.44 views

CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server...

10CVSS0.01118EPSS
Exploits0References2
CVE
CVE
added 2024/06/27 11:5 p.m.61 views

CVE-2024-6071

CVE-2024-6071: Missing Authorization in PTC Creo Elements/Direct License Server exposes a web interface that unauthenticated remote attackers can use to execute arbitrary OS commands. Affected products/versions include Creo Elements/Direct License Server (MEls) up to 20.7.0.0; other Creo Elements...

10CVSS9.9AI score0.01118EPSS
Exploits0References2
ICS
ICS
added 2024/06/25 6:0 a.m.43 views

PTC Creo Elements/Direct License Server (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Creo Elements/Direct License Server Vulnerability : Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote...

10CVSS10AI score0.01118EPSS
Exploits0References10
NVD
NVD
added 2024/05/08 3:15 p.m.37 views

CVE-2024-3951

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...

7.1CVSS6.7AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/08 2:38 p.m.30 views

CVE-2024-3951 Cross-site Scripting in PTC Codebeamer

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...

7.1CVSS6.3AI score0.00348EPSS
Exploits0References1
CVE
CVE
added 2024/05/08 2:38 p.m.76 views

CVE-2024-3951

PTC Codebeamer is affected by CVE-2024-3951: a cross-site scripting (CWE-79) vulnerability due to improper input neutralization in web page generation. Affects Codebeamer versions 22.10 SP9 and earlier; 2.0.0.3 and earlier; 2.1.0.0. Mitigations from PTC: upgrade to 22.10 SP10 or later, 2.0.0.4 or...

7.1CVSS6.2AI score0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/08 2:38 p.m.45 views

CVE-2024-3951 Cross-site Scripting in PTC Codebeamer

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...

7.1CVSS6.8AI score0.00348EPSS
Exploits0References1
CISA
CISA
added 2024/05/07 12:0 p.m.7 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-128-01 PTC Codebeamer ICSA-24-128-02 SUBNET Substation Server CISA encourages users and...

7AI score
Exploits0References2
ICS
ICS
added 2024/05/07 6:0 a.m.53 views

PTC Codebeamer

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Codebeamer Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject malicious code in the...

7.1CVSS7AI score0.00348EPSS
Exploits0References10
Cvelist
Cvelist
added 2024/01/10 8:24 p.m.57 views

CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7CVSS5.8AI score0.00306EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 8:24 p.m.3 views

CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7CVSS7.1AI score0.00306EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 8:21 p.m.19 views

CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS7AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/10 8:21 p.m.30 views

CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS5AI score0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 8:17 p.m.2 views

CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...

7.8CVSS7.2AI score0.00217EPSS
Exploits0References3
Rows per page
Query Builder