10

CVE-2022-25247

PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PtcAxeda Agent Version < 6.9.1
PtcAxeda Desktop Server SwPlatformwindows Version < 6.9.215
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.9% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
Third Party Advisory
US Government Resource
Mitigation
https://www.ptc.com/en/support/article/CS363561
Vendor Advisory