- ATTENTION: Exploitable remotely/low attack complexity
- Equipment: Axeda agent, Axeda Desktop Server
- Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions

CISA is aware of a public report, known as “Access:7” that details vulnerabilities found in PTC Axeda agent and Axeda Desktop Server. These vulnerabilities can affect medical, Internet of Things (IoT), and embedded devices dependent on the affected product.

This updated advisory is a follow-up to the advisory update titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update B) that was published March 15, 2022, on the ICS webpage on 3.

Successful exploitation of these vulnerabilities could result in full system access, remote code execution, read/change configuration, file system read access, log information access, and a denial-of-service condition.

The following versions of Axeda agent and Axeda Desktop Server, a remote asset connectivity software used as part of a cloud based IoT platform, are affected:

- Axeda Desktop Server for Windows: All versions

4.2 VULNERABILITY OVERVIEW

4.2.1 USE OF HARD-CODED CREDENTIALS CWE-798

The affected product uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.

CVE-2022-25246 has been assigned to this vulnerability.

4.2.2 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The affected product may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.

CVE-2022-25247 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

4.2.3 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

When connecting to a certain port the affected product supplies the event log of the specific service.

CVE-2022-25248 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

4.2.4 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

The affected product (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.

CVE-2022-25249 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

4.2.5 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The affected product may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.

CVE-2022-25250 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

4.2.6 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The affected product may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.

CVE-2022-25251 has been assigned to this vulnerability.