PTC’s advisory center
Please visit the links below for information on PTC's response to vulnerabilities that have impacted PTC products and their remediation.
Advisories
PTC Products advisories
PTC ALM
Product: Codebeamer
Description: Security Vulnerability identified in Codebeamer – Reflected XSS - CVE-2024-3951
- Advisory ID: ICSA-24-128-01
- Publish date: 5/7/2024
- Remediation Details
Product: Codebeamer
Description: Security Vulnerabilities Identified in Codebeamer - CVE-2023-4296
- Advisory ID: ICSA-23-241-01
- Publish date: 8/29/2023
- Remediation Details
PTC Creo
Product: Creo Elements/Direct License Server
Description: Critical Security Vulnerability identified in Creo Elements/Direct License Server - CVE-2024-6071
- Advisory ID: ICSA-24-177-02
- Publish date: 7/9/2024
- Remediation Details
PTC IoT
Product: PTC Axeda Agent
Description: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions
- Advisory ID: ICSA-22-067-01
- Publish date: 3/31/2022
- Remediation Details
PTC Kepware
Product: PTC ThingWorx Kepware Server
Description: Security vulnerability identified in PTC Kepware Products - CVE-2024-6098
- Advisory ID: ICSA-24-228-11
- Publish date: 8/15/2024
- Remediation Details
Product: PTC Kepware ThingWorx Kepware Server
Description: Security vulnerability identified in PTC Kepware Products - CVE-2024-6098
- Advisory ID: ICSA-24-228-11
- Publish date: 8/15/2024
- Remediation Details
Product: PTC KEPServerEx
Description: Security vulnerabilities identified in PTC Kepware products - CVE-2023-5908, CVE-2023-5909
- Advisory ID: ICSA-23-334-03
- Publish date: 11/30/2023
- Remediation Details
Product: PTC Kepware KepServerEX
Description: Security vulnerabilities identified in PTC Kepware Products - CVE-2023-29444, CVE-2023-29446, CVE-2023-29447
- Advisory ID: ICSA-23-243-03
- Publish date: 10/12/2023
- Remediation Details
Product: PTC Kepware KEPServerEx CVD
Description: Uncontrolled Resource Consumption
- Advisory ID: ICSA-23-208-02
- Publish date: 7/27/2023
- Remediation Details
Product: PTC ThingWorx Edge and Kepware CVD
Description: Improper Validation of Array Index, Integer Overflow or Wraparound
- Advisory ID: ICSA-23-054-01
- Publish date: 2/23/2023
- Remediation Details
Product: PTC Kepware KEPServerEX (Update A) CVD
Description: Heap-based Buffer Overflow; Stack-based Buffer Overflow
- Advisory ID: ICSA-22-242-10
- Publish date: 8/8/2022
- Remediation Details
Product: PTC Kepware KepServerEX (Update A)
Description: Security vulnerabilities identified in PTC Kepware Products - CVE-2020-27263, CVE-2020-27265, CVE-2020-27267
- Advisory ID: ICSA-20-352-02
- Publish date: 1/5/2021
- Remediation Details
Product: PTC Kepware LinkMaster
Description: PTC vulnerabilities in Kepware LinkMaster - CVE-2020-13535
- Advisory ID: ICSA-20-352-03
- Publish date: 12/17/2020
- Remediation Details
PTC PLM
Product: PTC Windchill and FlexPLM
Description: Apache vulnerability impact on PTC Windchill and FlexPLM
- Advisory ID: CVE-2022-36760
- Publish date: 1/17/2023
- Remediation Details
Third-party advisories
Chromium vulnerability impact on multiple PTC products
Product: Multiple PTC products
Description: Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Advisory ID: CVE-2022-1096
- Publish date: 7/22/2022
- Remediation Details
Log4j vulnerability impact on multiple PTC products
Product: Multiple PTC products
Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints.
- Advisory ID: CVE-2021-44228
- Publish date: 12/10/2021
- Remediation Details
Spring4Shell vulnerability impact on multiple PTC products
Product: Multiple PTC products
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
- Advisory ID: CVE-2022-22965
- Publish date: 4/1/2022
- Remediation Details
TPM vulnerability impact on PTC products
Product: PTC products are not directly impacted by the TPM vulnerabilities
Description: TPM security vulnerabilities - CVE-2023-1017 and CVE-2023-1018
- Advisory ID: CVE-2023-1017, CVE-2023-1018
- Publish date: 02/28/2023, 02/28/2023
- Remediation Details