Article - CS417607

Critical Security Vulnerability identified in Creo Elements/Direct License Server

Modified: 03-Jul-2024   


Applies To

  • Creo Elements/Direct Drafting 15.00 to 20.7
  • Creo Elements/Direct Model Manager / Drawing Manager 15.00 to 20.7
  • Creo Elements/Direct Modeling 15.00 to 20.7
  • Creo Elements/Direct WorkManager / DDM 15.00 to 20.4
  • Creo Elements/Direct License Server (MEls) 20.7.0.0 or lower version
  • Note: This vulnerability does not impact "PTC Creo License Server" (lmadmin, lmgrd)

Description

  • Critical Security Vulnerability identified in Creo Elements/Direct License Server
  • According to the CISA advisory "PTC Creo Elements/Direct License Server", CVE-2024-6071 has been assigned to this vulnerability
  • CVSS 3.1 score: 10.0
  • CVSS 3.1 vector string:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Vulnerability can lead to Remote Code Execution (RCE)
  • Researcher attribution: Thomas Riedmaier from Siemens Energy
  • Note that PTC has no indication, nor has it been made aware, that this vulnerability has been or is being exploited
  • The resolution points to Creo Elements/Direct License Server Version 20.7.0.1 but its content is 20.7.0.0. Is this the correct version?
  • How big is the impact of this risk?