Article - CS417607

Critical Security Vulnerability identified in Creo Elements/Direct License Server

Modified: 06-Jan-2025   


Applies To

  • Creo Elements/Direct Drafting 15.00 to 20.7
  • Creo Elements/Direct Model Manager / Drawing Manager 15.00 to 20.7
  • Creo Elements/Direct Modeling 15.00 to 20.7
  • Creo Elements/Direct WorkManager / DDM 15.00 to 20.4
  • Creo Elements/Direct License Server (MEls) 20.7.0.0 or lower version
  • Note: That this vulnerability does not impactPTC Creo License Server" (lmadmin, lmgrd)

Description

  • Critical Security Vulnerability identified in Creo Elements/Direct License Server
  • According to PTC Creo Elements/Direct License Server | CISA, CVE-2024-6071 has been assigned to this vulnerability
  • CVSS 3.1 score: 10.0
  • CVSS 3.1 vector string:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Vulnerability can lead to Remote Code Execution (RCE)
  • Researcher attribution: Thomas Riedmaier from Siemens Energy
  • Note that PTC has no indication nor has been made aware that this vulnerability has or is being exploited
This is a printer-friendly version of Article 417607 and may be out of date. For the latest version click CS417607