CVE-2022-25246 – PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials
https://notcve.org/view.php?id=CVE-2022-25246
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
• https://www.ptc.com/en/support/article/CS363561
• CWE-798: Use of Hard-coded Credentials
CVE-2022-25247 – PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function
https://notcve.org/view.php?id=CVE-2022-25247
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
• https://www.ptc.com/en/support/article/CS363561
• CWE-306: Missing Authentication for Critical Function