Multiple vulnerabilities in PTC Axeda agent and Axeda Desktop Server

1) Use of hard-coded credentials

EUVDB-ID: #VU61183

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25246

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code for UltraVNC installation. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Authentication for Critical Function

EUVDB-ID: #VU61184

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25247

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected product allows an attacker to send certain commands to a specific port without authentication. A remote attacker can obtain full file-system access and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU61185

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25248

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected product supplies the event log of the specific service when connecting to a certain port. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authentication for Critical Function

EUVDB-ID: #VU61192

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25250

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected product may allow an attacker to send a certain command to a specific port without authentication. A remote attacker can shut down a specific service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authentication for Critical Function

EUVDB-ID: #VU61193

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25251

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected product may allow an attacker to send certain XML messages to a specific port without proper authentication. A remote attacker can read and modify the affected product’s configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Path traversal

EUVDB-ID: #VU61194

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25249

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU61195

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25252

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected product when receiving certain input throws an exception. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Axeda agent: before 6.9.3 1051

Axeda Desktop Server for Windows: before 6.9 215

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-067-01
http://www.ptc.com/en/support/article/CS363561

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.