149 matches found
CVE-2024-40395
CVE-2024-40395 : Concrete details across multiple connected sources confirm an Insecure Direct Object Reference (IDOR) in PT C ThingWorx v9.5.0 that lets an attacker view sensitive information, including PII, regardless of access level. The root cause is an IDOR in ThingWorx 9.5.0; impact is expo...
CVE-2024-40395
An Insecure Direct Object Reference IDOR in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...
CVE-2024-6098 PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service...
CVE-2024-6098 PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service...
PTC Kepware ThingWorx Kepware Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION : Exploitable from adjacent network. Vendor : PTC Equipment : Kepware ThingWorx Kepware Server Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...
CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server...
CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server...
CVE-2024-6071
CVE-2024-6071: Missing Authorization in PTC Creo Elements/Direct License Server exposes a web interface that unauthenticated remote attackers can use to execute arbitrary OS commands. Affected products/versions include Creo Elements/Direct License Server (MEls) up to 20.7.0.0; other Creo Elements...
PTC Creo Elements/Direct License Server (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Creo Elements/Direct License Server Vulnerability : Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote...
CVE-2024-3951
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...
CVE-2024-3951 Cross-site Scripting in PTC Codebeamer
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...
CVE-2024-3951
PTC Codebeamer is affected by CVE-2024-3951: a cross-site scripting (CWE-79) vulnerability due to improper input neutralization in web page generation. Affects Codebeamer versions 22.10 SP9 and earlier; 2.0.0.3 and earlier; 2.1.0.0. Mitigations from PTC: upgrade to 22.10 SP10 or later, 2.0.0.4 or...
CVE-2024-3951 Cross-site Scripting in PTC Codebeamer
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-128-01 PTC Codebeamer ICSA-24-128-02 SUBNET Substation Server CISA encourages users and...
PTC Codebeamer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Codebeamer Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject malicious code in the...
CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
CVE-2023-29446 Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
CVE-2023-29445 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...