Vulnerabilities > PTC > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-08-27 | CVE-2024-40395 | Authorization Bypass Through User-Controlled Key vulnerability in PTC Thingworx 9.5.0 | An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. | network | low complexity | ptc | CWE-639 | 6.5 |
| 2024-01-10 | CVE-2023-29446 | Improper Input Validation vulnerability in PTC products | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. | local | high complexity | ptc | CWE-20 | 4.7 |
| 2024-01-10 | CVE-2023-29447 | Insufficiently Protected Credentials vulnerability in PTC products | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | | high complexity | ptc | CWE-522 | 5.3 |
| 2023-06-07 | CVE-2023-29502 | Unspecified vulnerability in PTC Vuforia Studio | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | network | low complexity | ptc | | 4.3 |
| 2022-03-16 | CVE-2022-25248 | Information Exposure vulnerability in PTC Axeda Agent and Axeda Desktop Server | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. | network | low complexity | ptc | CWE-200 | 5.3 |
| 2018-10-01 | CVE-2018-17218 | Cross-site Scripting vulnerability in PTC Thingworx Platform | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. | network | low complexity | ptc | CWE-79 | 5.4 |
| 2018-10-01 | CVE-2018-17216 | Information Exposure vulnerability in PTC Thingworx Platform | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. | network | low complexity | ptc | CWE-200 | 6.5 |