149 matches found
CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal
When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...
CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal
When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...
CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials
Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
CVE-2022-25247 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function
Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and...
Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices
As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150...
CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server
CISA has released an Industrial Controls Systems Advisory ICSA, detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change...
PTC Axeda agent 访问控制错误漏洞
PTC Axeda agent is an agent software from PTC. An access control error vulnerability exists in PTC Axeda agent that allows a remote, unauthenticated attacker to read and modify the configuration of an affected product...
PTC Axeda agent 信息泄露漏洞
PTC Axeda agent is an agent software from PTC. An information disclosure vulnerability exists in the PTC Axeda agent that could allow an unauthenticated, remote attacker to gain file system read privileges via a web server...
PTC Axeda agent and Axeda Desktop Server (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Axeda agent, Axeda Desktop Server Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor,...
PTC OPC UA Server Multiple vulnerabilities
Binary data ptcopcuamultivulns.nbin...
PTC Kepware LinkMaster
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low skill level to exploit Vendor: PTC Equipment: Kepware LinkMaster Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to globally overwrite the service...
PTC Kepware KEPServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
ptc-asia.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1179001 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
CVE-2018-20092
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request...
Directory traversal
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request...
CVE-2018-20092
CVE-2018-20092 affects PTC ThingWorx Platform up to version 8.3.0. The vulnerability is a directory traversal flaw in ZIP file handling via a POST request. The underlying impact, as stated, is partial confidentiality with no other impacts (integrity/availability not affected) and no user interact...
CVE-2018-20092
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request...
PTC ThingWorx Password Disclosure / Cross Site Scripting Vulnerabilities
PTC ThingWorx suffers from cross site scripting and password disclosure vulnerabilities. Versions affected include 6.5 through 7.4, 8.0.x, 8.1.x, and 8.2.x. ======================================================================= title: Password disclosure vulnerability & XSS product: PTC ThingWor...
Design/Logic Flaw
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users...
CVE-2018-17218
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function...