7 matches found
CVE-2022-25247
CVE-2022-25247 affects PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The flaw is missing authentication for a critical function that lets a remote unauthenticated attacker send commands to a specific port, potentially enabling remote code execution and full filesystem acces...
CVE-2022-25252
PTC Axeda Agent and Axeda Desktop Server are affected by CVE-2022-25252 (and related issues) due to improper handling of exceptional conditions and other flaws across all versions. The NVD/CISA details indicate multiple weaknesses including hard-coded credentials, missing authentication, and path...
CVE-2022-25249
CVE-2022-25249 affects PTC Axeda agent and Axeda Desktop Server for Windows. All Axeda agent versions (except v6.9.2 and v6.9.3) are vulnerable to a path traversal flaw in the web server that could allow a remote, unauthenticated attacker to obtain read access to the file system via a port used b...
CVE-2022-25248
CVE-2022-25248 and related Axeda vulnerabilities affect the PTC Axeda agent and Axeda Desktop Server (Windows) across all versions prior to 6.9.3. The issues include hard-coded credentials (CVE-2022-25246), missing authentication for critical functions (CVE-2022-25247, CVE-2022-25251), exposure o...
CVE-2022-25246
CVE-2022-25246 affects the PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The vulnerability is due to the use of hard-coded credentials for the UltraVNC installation, which could enable a remote, authenticated attacker to take full remote control of the host OS. The related ...
CVE-2022-25251
CVE-2022-25251 affects the PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The flaw is Missing Authentication for a Critical Function (CWE-306) where an unauthenticated remote attacker can send certain XML messages to a port and read/modify the product’s configuration. The IC...
CVE-2022-25250
CVE-2022-25250 affects PTC Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions). It is a missing authentication for a critical function vulnerability that allows a remote unauthenticated attacker to send a command to a port and shutdown a service (CVE-25250, CVSS v3.1 ba...