Filtered by vendor Ptc
Subscribe
Total
19 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0754 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2023-03-03 | N/A | 9.8 CRITICAL |
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | |||||
CVE-2023-0755 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2023-03-03 | N/A | 9.8 CRITICAL |
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | |||||
CVE-2022-25252 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product. | |||||
CVE-2022-25251 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | |||||
CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | |||||
CVE-2022-25249 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.. | |||||
CVE-2022-25248 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 5.3 MEDIUM |
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. | |||||
CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL |
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | |||||
CVE-2022-25246 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 9.0 HIGH | 8.8 HIGH |
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. | |||||
CVE-2020-27265 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL |
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. | |||||
CVE-2020-27267 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
CVE-2020-27263 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
CVE-2018-17218 | 1 Ptc | 1 Thingworx Platform | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. | |||||
CVE-2018-20092 | 1 Ptc | 1 Thingworx Platform | 2019-06-20 | 5.0 MEDIUM | 7.5 HIGH |
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. | |||||
CVE-2018-17217 | 1 Ptc | 1 Thingworx Platform | 2018-11-15 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key. | |||||
CVE-2018-17216 | 1 Ptc | 1 Thingworx Platform | 2018-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users. | |||||
CVE-2007-4600 | 1 Ptc | 1 Mathcad | 2018-10-15 | 4.6 MEDIUM | N/A |
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element. | |||||
CVE-2015-2061 | 1 Ptc | 1 Creo View | 2016-11-29 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. | |||||
CVE-2014-9267 | 1 Ptc | 1 Isoview | 2014-12-09 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. |