Article - CS363561

Security vulnerabilities identified in the Axeda agent and Axeda Desktop Server

Modified: 28-May-2024   


Applies To

  • Axeda - Connectivity 6.9.4
  • All versions of Axeda agent
  • All versions of Axeda Desktop Server for Windows 

Description

CISA ICS Advisory (ICSA-22-067-01)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
  • AxedaDesktopServer.exe
    • CVE-2022-25246 
      • CVE description: the affected product uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system
      • CWE-798: Use of Hard-coded Credentials  
      • CVSS 3.1 Score: 9.8 (Critical) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
    • CVE-2022-25250
      • CVE description: When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service
      • CVSS 3.1 Score: 7.5 (High) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    •  
  • ERemoteServer
    • System Access
      • CVE-2022-25247
      • CVE description: the affected product may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
      • CWE-306: Missing Authentication for Critical Function  
      • CVSS 3.1 Score: 9.8 (Critical) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
    • Event Text Log 
      • CVE-2022-25248 
      • CVE description: when connecting to a certain port the affected product supplies the event log of the specific service.
      • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor 
      • CVSS 3.1 Score: 5.3 (Medium) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 
  • xGate and EKernel 
    • Directory Traversal (does not apply to Axeda agent 6.9.2 and 6.9.3) 
      • CVE-2022-25249 
      • CVE description: the affected product (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.
      • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 
      • CVSS 3.1 Score: 7.5 (High) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 
    • Shutting down xGate and EKernel 
      • CVE-2022-25250  
      • CVE description: the affected product may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.    
      • CWE-306: Missing Authentication for Critical Function 
      • CVSS 3.1 Score: 7.5 (High) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
    • Read and modify agent configuration 
      • CVE-2022-25251  
      • CVE description: the affected product may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.
      • CWE-306: Missing Authentication for Critical Function 
      • CVSS 3.1 Score: 9.8 (Critical) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
  • Library module - xBase39
    • CVE-2022-25252  
    • CVE description: the affected product when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
    • CWE-703: Improper Check or Handling of Exceptional Conditions 
    • CVSS 3.1 Score: 7.5 (High) 
    • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
  • Note that PTC has no indication nor has been made aware that any of these vulnerabilities has been or is being exploited. 
This is a printer-friendly version of Article 363561 and may be out of date. For the latest version click CS363561