PTC Advisory Center

PTC’s advisory center

Please visit the links below for information on PTC's response to vulnerabilities that have impacted PTC products, and on their remediation.


PTC Kepware KEPServerEX CVD

Description: Uncontrolled Resource Consumption

PTC Axeda agent and Axeda Desktop Server CVD

Description: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions

TPM vulnerability impact on PTC Products

Description: These TPM vulnerabilities have no direct impact on PTC-developed products.

PTC ThingWorx Edge and Kepware CVD

Description: Improper Validation of Array Index, Integer Overflow or Wraparound

Apache vulnerability impact on PTC Windchill and FlexPLM

Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.

PTC Kepware KEPServerEX (Update A) CVD

Description: Heap-based Buffer Overflow; Stack-based Buffer Overflow

Spring4Shell vulnerability impact on PTC Windchill products

Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Chromium vulnerability impact on multiple PTC products

Description: Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Log4j vulnerability impact on multiple PTC products

Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints.