PTC’s Advisory Center

Please visit the links below for information on PTC’s response to vulnerabilities that have impacted PTC products and their remediation.

Advisories

  • PTC Kepware KEPServerEx CVD

    Description: Uncontrolled Resource Consumption

  • PTC Axeda agent and Axeda Desktop Server CVD

    Description: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions

  • TPM Vulnerability Impact on PTC Products

    Description: These TPM Vulnerabilities have no direct impact on PTC developed products.

  • PTC ThingWorx Edge and Kepware CVD

    Description: Improper Validation of Array Index, Integer Overflow or Wraparound

  • Apache Vulnerability Impact on PTC Windchill and FlexPLM

    Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.

  • PTC Kepware KEPServerEX (Update A) CVD

    Description: Heap-based Buffer Overflow; Stack-based Buffer Overflow

  • Spring4Shell Vulnerability Impact on PTC Windchill Products

    Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

  • Chromium Vulnerability Impact on Multiple PTC Products

    Description: Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • Log4j Vulnerability Impact on Multiple PTC Products

    Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints.