Vulnerabilities > PTC > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-5908 | Classic Buffer Overflow vulnerability in multiple products KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | 9.1 |
2023-06-07 | CVE-2023-27881 | Unspecified vulnerability in PTC Vuforia Studio A user could use the “Upload Resource” functionality to upload files to any location on the disk. | 9.9 |
2023-03-29 | CVE-2022-2825 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.8 |
2023-03-29 | CVE-2022-2848 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.1 |
2023-02-23 | CVE-2023-0754 | The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2023-02-23 | CVE-2023-0755 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2022-03-16 | CVE-2022-25247 | Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. | 9.8 |
2022-03-16 | CVE-2022-25251 | Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. | 9.8 |
2021-01-14 | CVE-2020-27267 | Out-of-bounds Write vulnerability in multiple products KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. | 9.1 |
2021-01-14 | CVE-2020-27265 | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. | 9.8 |