Vulnerabilities > PTC > Thingworx Industrial Connectivity > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-29445 Uncontrolled Search Path Element vulnerability in PTC products
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
local
low complexity
ptc CWE-427
7.8
2024-01-10 CVE-2023-29444 Uncontrolled Search Path Element vulnerability in PTC products
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
local
low complexity
ptc CWE-427
7.3
2023-11-30 CVE-2023-5909 Improper Certificate Validation vulnerability in multiple products
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
7.5