CVE-2022-25252
published 2022-03-16CVE-2022-25252: When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an…
PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.51%
71.2th percentile
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ptc | axeda_agent | < 6.9.1 | 6.9.1 |
| ptc | axeda_agent | — | — |
| ptc | axeda_desktop_server | < 6.9.215 | 6.9.215 |
| ptc | axeda_desktop_server_for_windows | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
PTC Axeda agent and Axeda Desktop Server (Update C)
cisa_ics·2022-03-15
PTC Axeda agent and Axeda Desktop Server (Update C)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
PTC Axeda agent and Axeda Desktop Server (Update C)
Last RevisedMarch 31, 2022
Alert CodeICSA-22-067-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: PTC
- Equipment: Axeda agent, Axeda Desktop Server
- Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions
CISA is aware of a public report, known as “Access:7” that details vulnerabilities found in PTC
GHSA
GHSA-9r2j-qhj5-5qr7: When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws a
ghsa_unreviewed·2022-03-17
CVE-2022-25252 [HIGH] CWE-754 GHSA-9r2j-qhj5-5qr7: When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws a
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-03-16
Published