Vulnerability Details CVE-2023-29445
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.1%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03
- https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/
- https://www.ptc.com/en/support/article/cs399528
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03
- https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/
- https://www.ptc.com/en/support/article/cs399528
Products affected by CVE-2023-29445
-
cpe:2.3:a:ptc:kepware_kepserverex:6.0.2107.0
-
cpe:2.3:a:ptc:kepware_kepserverex:6.12
-
cpe:2.3:a:ptc:kepware_kepserverex:6.14
-
cpe:2.3:a:ptc:kepware_kepserverex:6.14.263.0
-
cpe:2.3:a:ptc:kepware_kepserverex:6.9
-
cpe:2.3:a:ptc:thingworx_industrial_connectivity:8.0
-
cpe:2.3:a:ptc:thingworx_industrial_connectivity:8.5
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.10.623.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.10.659.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.11.718.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.11.764.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.12
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.12.325.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.12.361.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.13.250.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.13.266.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.14
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.14.263.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.8
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.8.796.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.8.838.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.8.875.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.9
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.9.572.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.9.584.0
-
cpe:2.3:a:ptc:thingworx_kepware_server:6.9.636.0