An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NPtc Kepware Kepserverex
APPPtc6.0.2107.0 – 6.14.263.0Ptc Thingworx Industrial Connectivity
APPPtc8.0 – 8.5Ptc Thingworx Kepware Server
APPPtc6.8 – 6.14.263.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
References
Related vulnerabilities
CVE-2023-5908CRITICAL9.1PL ✓ten sam produkt
Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych
CVE-2022-2848CRITICAL9.1ten sam produkt
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
CVE-2022-2825CRITICAL9.8ten sam produkt
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
CVE-2023-0755CRITICAL9.8ten sam produkt
The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...
CVE-2023-0754CRITICAL9.8ten sam produkt
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to ...