Access:7 vulnerabilities impact medical and IoT devices
A set of seven vulnerabilities, collectively tracked as Access:7, has been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors.
Developed by Parametric Technology Corporation, the Axeda platform uses locally deployed agents to provide telemetry data from IoT devices on the network and the option for remote service.
Anonymous customer data that Forescout collects through its Device Cloud solution shows more than 2,000 unique devices running Axeda on their networks.
In a report today, Forescout explains that in the case of medical devices, even the less severe Access:7 vulnerabilities can have a significant impact.
An attacker gaining read access by exploiting CVE-2022-25249 on an imaging or lab device - where Axeda agents are more present, as per Forescout data - could steal protected health information or diagnostics about a patient and sell it on for a profit if it's a high-value victim.
To reduce risk to a minimum, Forescout created a list of devices currently using or having used Axeda from as many vendors as possible, even if they are inactive Axeda customers, and alerted them to the vulnerabilities.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-16 | CVE-2022-25249 | Path Traversal vulnerability in PTC Axeda Agent and Axeda Desktop Server. When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server. | 7.5 |