Vulnerabilities > PTC > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-5908 Classic Buffer Overflow vulnerability in multiple products
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
network
low complexity
ptc softwaretoolbox ge rockwellautomation CWE-120
critical
9.1
2023-06-07 CVE-2023-27881 Unspecified vulnerability in PTC Vuforia Studio
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
network
low complexity
ptc
critical
9.9
2023-03-29 CVE-2022-2825 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge
critical
9.8
2023-03-29 CVE-2022-2848 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge
critical
9.1
2023-02-23 CVE-2023-0754 The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge
critical
9.8
2023-02-23 CVE-2023-0755 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge
critical
9.8
2022-03-16 CVE-2022-25247 Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication.
network
low complexity
ptc CWE-306
critical
9.8
2022-03-16 CVE-2022-25251 Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication.
network
low complexity
ptc CWE-306
critical
9.8
2021-01-14 CVE-2020-27267 Out-of-bounds Write vulnerability in multiple products
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow.
network
low complexity
ptc ge rockwellautomation softwaretoolbox CWE-787
critical
9.1
2021-01-14 CVE-2020-27265 Out-of-bounds Write vulnerability in multiple products
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow.
network
low complexity
ptc ge rockwellautomation softwaretoolbox CWE-787
critical
9.8