Vulnerabilities > PTC > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-29445 Uncontrolled Search Path Element vulnerability in PTC products
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
local
low complexity
ptc CWE-427
7.8
2024-01-10 CVE-2023-29444 Uncontrolled Search Path Element vulnerability in PTC products
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
local
low complexity
ptc CWE-427
7.3
2023-11-30 CVE-2023-5909 Improper Certificate Validation vulnerability in multiple products
KEPServerEX does not properly validate certificates from clients, which may allow unauthenticated users to connect.
7.5
2023-06-07 CVE-2023-29152 Unspecified vulnerability in PTC Vuforia Studio
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
network
low complexity
ptc
8.1
2023-06-07 CVE-2023-29168 Unspecified vulnerability in PTC Vuforia Studio
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
network
low complexity
ptc
7.5
2023-06-07 CVE-2023-31200 Unspecified vulnerability in PTC Vuforia Studio
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
network
low complexity
ptc
8.0
2022-03-16 CVE-2022-25246 Use of Hard-coded Credentials vulnerability in PTC Axeda Agent and Axeda Desktop Server
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation.
network
low complexity
ptc CWE-798
8.8
2022-03-16 CVE-2022-25249 Path Traversal vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via the web server.
network
low complexity
ptc CWE-22
7.5
2022-03-16 CVE-2022-25250 Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication.
network
low complexity
ptc CWE-306
7.5
2022-03-16 CVE-2022-25252 Improper Check for Unusual or Exceptional Conditions vulnerability in PTC Axeda Agent and Axeda Desktop Server
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) throw an exception when receiving certain input.
network
low complexity
ptc CWE-754
7.5