Ptc Thingworx Industrial Connectivity
8 CVEs affecting Ptc Thingworx Industrial Connectivity. Latest disclosed: 2024-01-10. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-0754 | Critical | 9.8 | 2023-02-23 | The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary c… |
CVE-2023-0755 | Critical | 9.8 | 2023-02-23 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrar… |
CVE-2023-5908 | Critical | 9.1 | 2023-11-30 | KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. |
CVE-2023-29445 | High | 7.8 | 2024-01-10 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges… |
CVE-2023-5909 | High | 7.5 | 2023-11-30 | KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. |
CVE-2023-29444 | Medium | 6.3 | 2024-01-10 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges… |
CVE-2023-29447 | Medium | 5.7 | 2024-01-10 | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authenti… |
CVE-2023-29446 | Medium | 4.7 | 2024-01-10 | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an… |