Vulnerabilities > PTC > Kepware Kepserverex > 6.0.2107.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-29445 | Uncontrolled Search Path Element vulnerability in PTC products An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 7.8 |
| 2024-01-10 | CVE-2023-29446 | Improper Input Validation vulnerability in PTC products An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. | 4.7 |
| 2024-01-10 | CVE-2023-29447 | Insufficiently Protected Credentials vulnerability in PTC products An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | 5.3 |
| 2024-01-10 | CVE-2023-29444 | Uncontrolled Search Path Element vulnerability in PTC products An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 7.3 |
| 2023-03-29 | CVE-2022-2825 | Stack-based Buffer Overflow vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.8 |
| 2023-03-29 | CVE-2022-2848 | Heap-based Buffer Overflow vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.1 |