Vulnerabilities > PTC > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-10 | CVE-2023-29445 | Uncontrolled Search Path Element vulnerability in PTC products An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 7.8 |
2024-01-10 | CVE-2023-29444 | Uncontrolled Search Path Element vulnerability in PTC products An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 7.3 |
2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
2023-06-07 | CVE-2023-29152 | Unspecified vulnerability in PTC Vuforia Studio By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | 8.1 |
2023-06-07 | CVE-2023-29168 | Unspecified vulnerability in PTC Vuforia Studio The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | 7.5 |
2023-06-07 | CVE-2023-31200 | Unspecified vulnerability in PTC Vuforia Studio PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | 8.0 |
2022-03-16 | CVE-2022-25246 | Use of Hard-coded Credentials vulnerability in PTC Axeda Agent and Axeda Desktop Server Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. | 8.8 |
2022-03-16 | CVE-2022-25249 | Path Traversal vulnerability in PTC Axeda Agent and Axeda Desktop Server When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.. | 7.5 |
2022-03-16 | CVE-2022-25250 | Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. | 7.5 |
2022-03-16 | CVE-2022-25252 | Improper Check for Unusual or Exceptional Conditions vulnerability in PTC Axeda Agent and Axeda Desktop Server When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. | 7.5 |