Axeda Public Advisory

Today, March 8th, 2022, the United States Cybersecurity & Infrastructure Security Agency (CISA) issued a public advisory regarding software agents developed using PTC’s Axeda solution for Internet of Things (IoT).

This disclosure is the culmination of a cooperative effort between PTC, CyberMDX, and CISA. The vulnerabilities were discovered by research firm CyberMDX and reported through PTC’s Coordinated Vulnerability Disclosure (CVD) Program. PTC and CyberMDX collaborated to thoroughly investigate and implement appropriate remediations for the vulnerabilities. PTC then notified customers and guided their remediations ahead of disclosure, as part of our shared responsibility model. The findings of the investigation and required remediation actions are included in both the Common Vulnerabilities and Exposures (CVEs) issued by CISA and PTC’s Security Advisory.

PTC’s CVD Program has demonstrated its value as an effective means for researchers to securely communicate with PTC regarding previously undiscovered vulnerabilities without jeopardizing the safety of our customers and their supply chains. The result is greater awareness for users and the opportunity to resolve a potential threat to their systems and data. 

Should you have questions, please consult the resources below. 

About Axeda 

PTC acquired Axeda in 2014 to complement its earlier acquisition of the ThingWorx platform for IoT. Companies use Axeda to optimize the availability and productivity of the products they manufacture as their own customers operate them. PTC has since re-developed and modernized Axeda’s robust remote connectivity features into ThingWorx and has published an end-of-life date for the Axeda product. PTC is collaborating with its Axeda Extended Support customers on their migration paths to the ThingWorx platform, which provides next-generation capabilities for IoT connectivity.   

References:  

For Vendor-specific advisories, please see: 

Common Vulnerabilities and Exposures (CVEs) 

PTC Security Advisory