MEDIUM✓ PATCH🇬🇧 English

CVE-2023-29446

CVSS 4.7v3.1pub. 2024-01-10upd. 2024-11-21

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Ptc Kepware Kepserverex

    APP
    Ptc
    6.0.2107.0 – 6.14.263.0
  • Ptc Thingworx Industrial Connectivity

    APP
    Ptc
    8.0 – 8.5
  • Ptc Thingworx Kepware Server

    APP
    Ptc
    6.8 – 6.14.263.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-5908CRITICAL9.1PL ✓ten sam produkt

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych

CVE-2022-2848CRITICAL9.1ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2022-2825CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2023-0755CRITICAL9.8ten sam produkt

The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...

CVE-2023-0754CRITICAL9.8ten sam produkt

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to ...