At PTC, we’re dedicated to working together with our customers and partners to develop and deploy secure IoT platforms. As part of PTC’s ongoing effort to improve product security and communicate clearly about any issues impacting applications dependent on the security of PTC’s products, this vulnerability disclosure is intended to inform users of the ThingWorx platform so that they may determine if further action is required.
The ThingWorx application is vulnerable to a directory traversal attack on zip files.
Impact analysis: How to determine if you are vulnerable
All application built on affected versions, including other PTC applications, may be vulnerable.
ThingWorx version information
Fix Version for This Issue
Minimum Recommended Security Patch Level
All Versions Before 7.0.0
7.0.0 to 7.0.14
7.1.0 to 7.1.18
7.2.0 to 7.2.21
7.3.0 to 7.3.18
7.4.0 to 7.4.14
8.0.0 to 8.0.12
8.1.0 to 8.1.8
8.2.0 to 8.2.5
There may be technical or other limitations that prevent all fixes from being backported to all older versions. Generally, the latest version of ThingWorx is the most secure. If it is not possible to be on the latest version, PTC recommends the latest Service Pack for the installed version as above.
Detailed account of the solution
An attacker can utilize this vulnerability to read files that are normally considered out of bounds by the application. The methods to interact with zip files can be used to read or write arbitrary files.
The fix validates the file path input in the CreateZipArchive service to assure directory traversal is constrained appropriately.
We would like to thank Jared McLaren and Raymond Doyle at Secureworks for finding and reporting this issue to us.
Page Not Available
We’re sorry this page isn’t available in the language you selected. Would you like to see the page in English?