Vulnerabilities > PTC

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-29502 Path Traversal vulnerability in PTC Vuforia Studio
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
network
low complexity
ptc CWE-22
4.3
2023-06-07 CVE-2023-31200 Cross-Site Request Forgery (CSRF) vulnerability in PTC Vuforia Studio
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
network
low complexity
ptc CWE-352
8.0
2023-03-29 CVE-2022-2825 Stack-based Buffer Overflow vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge CWE-121
critical
9.8
2023-03-29 CVE-2022-2848 Heap-based Buffer Overflow vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge CWE-122
critical
9.1
2023-02-23 CVE-2023-0754 Integer Overflow or Wraparound vulnerability in multiple products
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge CWE-190
critical
9.8
2023-02-23 CVE-2023-0755 Improper Validation of Array Index vulnerability in multiple products
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge CWE-129
critical
9.8
2022-03-16 CVE-2022-25246 Use of Hard-coded Credentials vulnerability in PTC Axeda Agent and Axeda Desktop Server
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation.
network
low complexity
ptc CWE-798
critical
9.0
2022-03-16 CVE-2022-25247 Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication.
network
low complexity
ptc CWE-306
critical
10.0
2022-03-16 CVE-2022-25248 Information Exposure vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supply the event log of the specific service.
network
low complexity
ptc CWE-200
5.0
2022-03-16 CVE-2022-25249 Path Traversal vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via the web server.
network
low complexity
ptc CWE-22
5.0