PTC Advisory Center

Please visit the links below for information on PTC's response to vulnerabilities that have impacted PTC products and their remediation.

Advisories

PTC Products advisories

PTC ALM

Product: Codebeamer
Description: Security Vulnerability identified in Codebeamer – Reflected XSS - CVE-2024-3951


Product: Codebeamer
Description: Security Vulnerabilities Identified in Codebeamer - CVE-2023-4296

PTC Creo

Product: Creo Elements/Direct License Server
Description: Critical Security Vulnerability identified in Creo Elements/Direct License Server - CVE-2024-6071

PTC IoT

Product: PTC Axeda Agent
Description: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions

PTC Kepware

Product: PTC ThingWorx Kepware Server
Description: Security vulnerability identified in PTC Kepware Products - CVE-2024-6098


Product: PTC Kepware ThingWorx Kepware Server
Description: Security vulnerability identified in PTC Kepware Products - CVE-2024-6098


Product: PTC KEPServerEx
Description: Security vulnerabilities identified in PTC Kepware products - CVE-2023-5908, CVE-2023-5909


Product: PTC Kepware KepServerEX
Description: Security vulnerabilities identified in PTC Kepware Products - CVE-2023-29444, CVE-2023-29446, CVE-2023-29447


Product: PTC Kepware KEPServerEx CVD
Description: Uncontrolled Resource Consumption


Product: PTC ThingWorx Edge and Kepware CVD
Description: Improper Validation of Array Index, Integer Overflow or Wraparound


Product: PTC Kepware KEPServerEX (Update A) CVD
Description: Heap-based Buffer Overflow; Stack-based Buffer Overflow


Product: PTC Kepware KepServerEX (Update A)
Description: Security vulnerabilities identified in PTC Kepware Products - CVE-2020-27263, CVE-2020-27265, CVE-2020-27267


Product: PTC Kepware LinkMaster
Description: PTC vulnerabilities in Kepware LinkMaster - CVE-2020-13535

PTC PLM

Product: PTC Windchill and FlexPLM
Description: Apache vulnerability impact on PTC Windchill and FlexPLM

Third-party advisories

Chromium vulnerability impact on multiple PTC products

Product: Multiple PTC products
Description: Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Log4j vulnerability impact on multiple PTC products

Product: Multiple PTC products
Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints.

Spring4Shell vulnerability impact on multiple PTC products

Product: Multiple PTC products
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

TPM vulnerability impact on PTC products

Product: PTC products are not directly impacted by the TPM vulnerabilities
Description: TPM security vulnerabilities - CVE-2023-1017 and CVE-2023-1018