Vulnerabilities > PTC > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-29445 | Uncontrolled Search Path Element vulnerability in PTC products An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 7.8 |
| 2024-01-10 | CVE-2023-29444 | Uncontrolled Search Path Element vulnerability in PTC products An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 7.3 |
| 2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
| 2023-06-07 | CVE-2023-29152 | Unspecified vulnerability in PTC Vuforia Studio By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | 8.1 |
| 2023-06-07 | CVE-2023-29168 | Insufficiently Protected Credentials vulnerability in PTC Vuforia Studio The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | 7.5 |
| 2023-06-07 | CVE-2023-31200 | Cross-Site Request Forgery (CSRF) vulnerability in PTC Vuforia Studio PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | 8.0 |
| 2022-03-16 | CVE-2022-25251 | Missing Authentication for Critical Function vulnerability in PTC Axeda Agent and Axeda Desktop Server When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. | 7.5 |
| 2021-01-14 | CVE-2020-27265 | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. | 7.5 |
| 2015-03-09 | CVE-2015-2061 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PTC Creo View Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. | 7.5 |