Article - CS363561

Security vulnerabilities identified in the Axeda agent and Axeda Desktop Server

Modified: 07-Mar-2022


Applies To

  • All versions of Axeda agent
  • All versions of Axeda Desktop Server for Windows 

Description

CISA ICS Advisory (ICSA-22-067-01)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
  • AxedaDesktopServer.exe
    • CVE-2022-25246 
    • CVE description: the affected product uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
    • CWE-798: Use of Hard-coded Credentials  
    • CVSS 3.1 Score: 9.8 (Critical) 
    • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
  • ERemoteServer
    • System Access
      • CVE-2022-25247
      • CVE description: the affected product may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
      • CWE-306: Missing Authentication for Critical Function  
      • CVSS 3.1 Score: 9.8 (Critical) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
    • Event Text Log 
      • CVE-2022-25248 
      • CVE description: when connecting to a certain port, the affected product supplies the event log of the specific service.
      • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor 
      • CVSS 3.1 Score: 5.3 (Medium) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 
  • xGate and EKernel 
    • Directory Traversal (does not apply to Axeda agent 6.9.2 and 6.9.3) 
      • CVE-2022-25249 
      • CVE description: the affected product (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.
      • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 
      • CVSS 3.1 Score: 7.5 (High) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 
    • Shutting down xGate and EKernel 
      • CVE-2022-25250  
      • CVE description: the affected product may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.    
      • CWE-306: Missing Authentication for Critical Function 
      • CVSS 3.1 Score: 7.5 (High) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
    • Read and modify agent configuration 
      • CVE-2022-25251  
      • CVE description: the affected product may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.
      • CWE-306: Missing Authentication for Critical Function 
      • CVSS 3.1 Score: 9.8 (Critical) 
      • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
  • Library module - xBase39
    • CVE-2022-25252  
    • CVE description: the affected product, when receiving certain input, throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
    • CWE-703: Improper Check or Handling of Exceptional Conditions 
    • CVSS 3.1 Score: 7.5 (High) 
    • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
  • Note that PTC has no indication, nor has it been made aware, that any of these vulnerabilities has been or is being exploited.

This PDF version of article CS363561 may be out of date. For the latest version, see https://www.ptc.com/fr/support/article/cs363561