Ptc: Security Vulnerabilities
By changing the filename parameter in the request, an attacker could
delete any file with the permissions of the Vuforia server account.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-06-07
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
CVSS Score
3.7
EPSS Score
0.001
Published
2023-06-07
Before importing a project into Vuforia, a user could modify the
“resourceDirectory” attribute in the appConfig.json file to be a
different path.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-06-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-03-29
The affected products are vulnerable to an integer
overflow or wraparound, which could allow an attacker to crash the server and remotely
execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-23
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-23
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-03-16
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
CVSS Score
9.8
EPSS Score
0.023
Published
2022-03-16
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-03-16