Article - CS363561
Security vulnerabilities identified in the Axeda agent and Axeda Desktop Server
Modified: 28-May-2024
Applies To
- Axeda - Connectivity 6.9.4
- All versions of Axeda agent
- All versions of Axeda Desktop Server for Windows
Description
CISA ICS Advisory (ICSA-22-067-01)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
- AxedaDesktopServer.exe
- CVE-2022-25246
- CVE description: the affected product uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system
- CWE-798: Use of Hard-coded Credentials
- CVSS 3.1 Score: 9.8 (Critical)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVE-2022-25250
- CVE description: When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service
- CVSS 3.1 Score: 7.5 (High)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2022-25246
- ERemoteServer
- System Access
- CVE-2022-25247
- CVE description: the affected product may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
- CWE-306: Missing Authentication for Critical Function
- CVSS 3.1 Score: 9.8 (Critical)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Event Text Log
- CVE-2022-25248
- CVE description: when connecting to a certain port the affected product supplies the event log of the specific service.
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CVSS 3.1 Score: 5.3 (Medium)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- System Access
- xGate and EKernel
- Directory Traversal (does not apply to Axeda agent 6.9.2 and 6.9.3)
- CVE-2022-25249
- CVE description: the affected product (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVSS 3.1 Score: 7.5 (High)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Shutting down xGate and EKernel
- CVE-2022-25250
- CVE description: the affected product may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.
- CWE-306: Missing Authentication for Critical Function
- CVSS 3.1 Score: 7.5 (High)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Read and modify agent configuration
- CVE-2022-25251
- CVE description: the affected product may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.
- CWE-306: Missing Authentication for Critical Function
- CVSS 3.1 Score: 9.8 (Critical)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Directory Traversal (does not apply to Axeda agent 6.9.2 and 6.9.3)
- Library module - xBase39
- CVE-2022-25252
- CVE description: the affected product when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
- CWE-703: Improper Check or Handling of Exceptional Conditions
- CVSS 3.1 Score: 7.5 (High)
- CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Note that PTC has no indication nor has been made aware that any of these vulnerabilities has been or is being exploited.
This is a printer-friendly version of Article 363561 and may be out of date. For the latest version click CS363561