Ptc Security Vulnerabilities
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element.
6.5AI Score
0.001EPSS
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
8.2AI Score
0.9EPSS
Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute.
8.3AI Score
0.866EPSS
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.
6.5CVSS
6.5AI Score
0.001EPSS
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.
5.4CVSS
5.3AI Score
0.001EPSS
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.
7.5CVSS
7.4AI Score
0.003EPSS
A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.
7.8CVSS
8AI Score
0.001EPSS
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are ...
9.1CVSS
9.2AI Score
0.016EPSS
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are v...
9.8CVSS
9.4AI Score
0.008EPSS
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, ar...
9.1CVSS
9.2AI Score
0.016EPSS
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
9.8CVSS
8.7AI Score
0.004EPSS
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and ...
9.8CVSS
9.7AI Score
0.008EPSS
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.
5.3CVSS
6.3AI Score
0.001EPSS
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server..
7.5CVSS
7.8AI Score
0.002EPSS
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to ...
7.5CVSS
8.1AI Score
0.002EPSS
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated at...
9.8CVSS
9.2AI Score
0.004EPSS
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthentic...
7.5CVSS
8AI Score
0.002EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack ...
9.8CVSS
9.6AI Score
0.004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack ...
9.1CVSS
9.4AI Score
0.003EPSS
The affected products are vulnerable to an integeroverflow or wraparound, which could allow an attacker to crash the server and remotelyexecute arbitrary code.
9.8CVSS
9.3AI Score
0.001EPSS
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
9.8CVSS
9.5AI Score
0.002EPSS
An attacker with local access to the machine could record the traffic,which could allow them to resend requests without the serverauthenticating that the user or session are valid.
3.3CVSS
4.1AI Score
0.0004EPSS
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
9.9CVSS
9.4AI Score
0.001EPSS
By changing the filename parameter in the request, an attacker coulddelete any file with the permissions of the Vuforia server account.
8.1CVSS
8AI Score
0.001EPSS
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
7.5CVSS
7.5AI Score
0.001EPSS
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their mali...
7.3CVSS
7.6AI Score
0.0004EPSS
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
7.8CVSS
7.6AI Score
0.0004EPSS
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
4.7CVSS
4.7AI Score
0.001EPSS
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
5.7CVSS
5.2AI Score
0.001EPSS
Before importing a project into Vuforia, a user could modify the“resourceDirectory” attribute in the appConfig.json file to be adifferent path.
6.2CVSS
4.5AI Score
0.0005EPSS
PTC Vuforia Studio does not require a token; this could allow anattacker with local access to perform a cross-site request forgeryattack or a replay attack.
8CVSS
7.6AI Score
0.001EPSS
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
9.1CVSS
9.2AI Score
0.001EPSS
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
7.5CVSS
7.5AI Score
0.001EPSS