CVE-2022-25250 – PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function
https://notcve.org/view.php?id=CVE-2022-25250
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. Cuando es conectado a un determinado puerto Axeda agent (Todas las versiones) y Axeda Desktop Server para Windows (Todas las versiones) puede permitir a un atacante enviar un determinado comando a un puerto específico sin autenticación. Una explotación con éxito de esta vulnerabilidad podría permitir a un atacante remoto no autenticado cerrar un servicio específico • https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01 https://www.ptc.com/en/support/article/CS363561 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-25249 – PTC Axeda agent and Axeda Desktop Server Path Traversal
https://notcve.org/view.php?id=CVE-2022-25249
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.. Cuando es conectado a un determinado puerto Axeda agent (Todas las versiones) y Axeda Desktop Server para Windows (Todas las versiones) (sin tener en cuenta Axeda agent versiones v6.9.2 y v6.9.3) es vulnerable a un salto de directorio lo que podría permitir a un atacante remoto no autenticado obtener acceso de lectura al sistema de archivos por medio del servidor web • https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01 https://www.ptc.com/en/support/article/CS363561 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-25248 – PTC Axeda agent and Axeda Desktop Server Information Exposure
https://notcve.org/view.php?id=CVE-2022-25248
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. Cuando es conectado a un determinado puerto Axeda agent (Todas las versiones) y Axeda Desktop Server para Windows (Todas las versiones) suministra el registro de eventos del servicio específico • https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01 https://www.ptc.com/en/support/article/CS363561 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-25246 – PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials
https://notcve.org/view.php?id=CVE-2022-25246
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. Axeda agent (Todas las versiones) y Axeda Desktop Server para Windows (Todas las versiones) usa credenciales embebidas para su instalación de UltraVNC. Una explotación con éxito de esta vulnerabilidad podría permitir a un atacante remoto autenticado tomar el control remoto completo del sistema operativo del host • https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01 https://www.ptc.com/en/support/article/CS363561 • CWE-798: Use of Hard-coded Credentials •
CVE-2022-25247 – PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function
https://notcve.org/view.php?id=CVE-2022-25247
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. Axeda agent (Todas las versiones) y Axeda Desktop Server para Windows (Todas las versiones) pueden permitir a un atacante enviar determinados comandos a un puerto específico sin autenticación. Una explotación con éxito de esta vulnerabilidad podría permitir a un atacante remoto no autenticado obtener acceso completo al sistema de archivos y la ejecución de código remota • https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01 https://www.ptc.com/en/support/article/CS363561 • CWE-306: Missing Authentication for Critical Function •