Vulnerabilities > PTC

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-29168 Unspecified vulnerability in PTC Vuforia Studio
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
network
low complexity
ptc
7.5
2023-06-07 CVE-2023-29502 Unspecified vulnerability in PTC Vuforia Studio
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
network
low complexity
ptc
4.3
2023-06-07 CVE-2023-31200 Unspecified vulnerability in PTC Vuforia Studio
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
network
low complexity
ptc
8.0
2023-03-29 CVE-2022-2825 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge
critical
9.8
2023-03-29 CVE-2022-2848 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge
critical
9.1
2023-02-23 CVE-2023-0754 The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge
critical
9.8
2023-02-23 CVE-2023-0755 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge
critical
9.8
2022-03-16 CVE-2022-25246 Use of Hard-coded Credentials vulnerability in PTC Axeda Agent and Axeda Desktop Server
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation.
network
low complexity
ptc CWE-798
8.8
2022-03-16 CVE-2022-25247 Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication.
network
low complexity
ptc CWE-306
critical
9.8
2022-03-16 CVE-2022-25248 Information Exposure vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.
network
low complexity
ptc CWE-200
5.3