Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Thingworx_industrial_connectivity
(Ptc)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-10 | CVE-2023-29446 | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline. | Kepware_kepserverex, Thingworx_industrial_connectivity, Thingworx_kepware_server | 4.7 | ||
| 2024-01-10 | CVE-2023-29444 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution. | Kepware_kepserverex, Thingworx_industrial_connectivity, Thingworx_kepware_server | 7.3 | ||
| 2024-01-10 | CVE-2023-29447 | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | Kepware_kepserverex, Thingworx_industrial_connectivity, Thingworx_kepware_server | 5.3 |