Advisories

• PTC Kepware KEPServerEx CVD

  Description: Uncontrolled Resource Consumption

  • Advisory ID: ICSA-23-208-02
  • Remediation Details

• PTC Axeda agent and Axeda Desktop Server CVD

  Description: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions

  • Advisory ID: ICSA-22-067-01
  • Remediation Details

  
  

• TPM Vulnerability Impact on PTC Products

  Description: These TPM Vulnerabilities have no direct impact on PTC developed products.

  • Advisory ID: CVE-2023-1017, CVE-2023-1018
  • Remediation Details

• PTC ThingWorx Edge and Kepware CVD

  Description: Improper Validation of Array Index, Integer Overflow or Wraparound

  • Advisory ID: ICSA-23-054-01
  • Remediation Details

• Apache Vulnerability Impact on PTC Windchill and FlexPLM

  Description:Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.

  • Advisory ID: CVE-2022-36760
  • Remediation Details

• PTC Kepware KEPServerEX (Update A) CVD

  Description:Heap-based Buffer Overflow; Stack-based Buffer Overflow

  • Advisory ID: ICSA-22-242-10
  • Remediation Details

• Spring4Shell Vulnerability Impact on PTC Windchill Products

  Description:A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding..

  • Advisory ID: CVE-2022-22965
  • Remediation Details

• Chromium Vulnerability Impact on Multiple PTC Products

  Description:Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • Advisory ID: CVE-2022-1096
  • Remediation Details

• Log4j Vulnerability Impact on Multiple PTC Products

  Description:Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints.

  • Advisory ID: CVE-2021-44228
  • Remediation Details