Lucene search
+L

149 matches found

vulnrichment
vulnrichment
added 2022/03/16 2:3 p.m.8 views

CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...

7.5CVSS7.4AI score0.02435EPSS
Exploits0References2
cvelist
cvelist
added 2022/03/16 2:3 p.m.19 views

CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...

7.5CVSS7.6AI score0.02435EPSS
Exploits0References2
cvelist
cvelist
added 2022/03/16 2:3 p.m.19 views

CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials

Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

9.8CVSS9.3AI score0.01779EPSS
Exploits0References2
cvelist
cvelist
added 2022/03/16 2:3 p.m.24 views

CVE-2022-25247 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function

Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and...

9.8CVSS10AI score0.03991EPSS
Exploits0References2
thn
thn
added 2022/03/08 10:23 a.m.76 views

Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150...

10CVSS1.8AI score0.03991EPSS
Exploits0
cisa
cisa
added 2022/03/08 12:0 a.m.22 views

CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

CISA has released an Industrial Controls Systems Advisory ICSA, detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change...

7.3AI score
Exploits0References2
cnnvd
cnnvd
added 2022/03/08 12:0 a.m.19 views

PTC Axeda agent 访问控制错误漏洞

PTC Axeda agent is an agent software from PTC. An access control error vulnerability exists in PTC Axeda agent that allows a remote, unauthenticated attacker to read and modify the configuration of an affected product...

7.5CVSS7.6AI score0.01629EPSS
Exploits0References6
cnnvd
cnnvd
added 2022/03/08 12:0 a.m.3 views

PTC Axeda agent 信息泄露漏洞

PTC Axeda agent is an agent software from PTC. An information disclosure vulnerability exists in the PTC Axeda agent that could allow an unauthenticated, remote attacker to gain file system read privileges via a web server...

5.3CVSS6.1AI score0.00892EPSS
Exploits0References6
ics
ics
added 2022/03/08 12:0 a.m.164 views

PTC Axeda agent and Axeda Desktop Server (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Axeda agent, Axeda Desktop Server Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor,...

10CVSS8.5AI score0.03991EPSS
Exploits0References5
nessus
nessus
added 2021/05/17 12:0 a.m.39 views

PTC OPC UA Server Multiple vulnerabilities

Binary data ptcopcuamultivulns.nbin...

9.8CVSS9.3AI score0.10062EPSS
Exploits0References6
ics
ics
added 2020/12/17 12:0 a.m.230 views

PTC Kepware LinkMaster

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low skill level to exploit Vendor: PTC Equipment: Kepware LinkMaster Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to globally overwrite the service...

9.3CVSS8.1AI score0.0066EPSS
Exploits1References5
ics
ics
added 2020/12/17 12:0 a.m.454 views

PTC Kepware KEPServerEX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

9.8CVSS10AI score0.10062EPSS
Exploits0References5
openbugbounty
openbugbounty
added 2020/05/31 10:12 a.m.8 views

ptc-asia.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1179001 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.2AI score
Exploits0
nvd
nvd
added 2018/12/17 7:29 p.m.14 views

CVE-2018-20092

PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request...

7.5CVSS7.5AI score0.02181EPSS
Exploits0References2
prion
prion
added 2018/12/17 7:29 p.m.13 views

Directory traversal

PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request...

5CVSS7.5AI score0.02181EPSS
Exploits0References2Affected Software1
cve
cve
added 2018/12/17 6:0 p.m.59 views

CVE-2018-20092

CVE-2018-20092 affects PTC ThingWorx Platform up to version 8.3.0. The vulnerability is a directory traversal flaw in ZIP file handling via a POST request. The underlying impact, as stated, is partial confidentiality with no other impacts (integrity/availability not affected) and no user interact...

7.5CVSS7.4AI score0.02181EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2018/12/17 6:0 p.m.23 views

CVE-2018-20092

PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request...

7.5AI score0.02181EPSS
Exploits0References2
zdt
zdt
added 2018/10/03 12:0 a.m.74 views

PTC ThingWorx Password Disclosure / Cross Site Scripting Vulnerabilities

PTC ThingWorx suffers from cross site scripting and password disclosure vulnerabilities. Versions affected include 6.5 through 7.4, 8.0.x, 8.1.x, and 8.2.x. ======================================================================= title: Password disclosure vulnerability & XSS product: PTC ThingWor...

6.4AI score0.01075EPSS
Exploits1
prion
prion
added 2018/10/01 1:29 a.m.15 views

Design/Logic Flaw

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users...

4CVSS6.5AI score0.01075EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/10/01 1:29 a.m.18 views

CVE-2018-17218

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function...

5.4CVSS5.4AI score0.00647EPSS
Exploits1References1
Rows per page
Query Builder