Article - CS417607
Critical Security Vulnerability identified in Creo Elements/Direct License Server
Modified: 03-Jul-2024
Applies To
- Creo Elements/Direct Drafting 15.00 to 20.7
- Creo Elements/Direct Model Manager / Drawing Manager 15.00 to 20.7
- Creo Elements/Direct Modeling 15.00 to 20.7
- Creo Elements/Direct WorkManager / DDM 15.00 to 20.4
- Creo Elements/Direct License Server (MEls) 20.7.0.0 or lower version
- Note: This vulnerability does not impact "PTC Creo License Server" (lmadmin, lmgrd)
Description
- Critical Security Vulnerability identified in Creo Elements/Direct License Server
- According to the CISA advisory "PTC Creo Elements/Direct License Server", CVE-2024-6071 has been assigned to this vulnerability
- CVSS 3.1 score: 10.0
- CVSS 3.1 vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Vulnerability can lead to Remote Code Execution (RCE)
- Researcher attribution: Thomas Riedmaier from Siemens Energy
- Note that PTC has no indication, and has not been made aware, that this vulnerability has been or is being exploited
- The resolution points to Creo Elements/Direct License Server Version 20.7.0.1 but its content is 20.7.0.0. Is this the correct version?
- How big is the impact of this risk?