VYPR
Vendor: PTC

Products: 14
CVEs: 29
Across products: 38
Status: Private

Recent CVEs (29)
  • CVE-2024-6071 · Critical · Jun 27, 2024
    risk 0.65 · cvss 10.0 · epss 0.01

    PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

  • CVE-2018-17217 · High · Oct 1, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.

  • CVE-2024-3951 · High · May 8, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.

  • CVE-2018-17216 · Medium · Oct 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.

  • CVE-2018-17218 · Medium · Oct 1, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.

  • CVE-2024-6098 · Medium · Aug 16, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause…

  • CVE-2026-12569 · KEV · Jun 18, 2026
    risk 0.12 · cvss · epss 0.01

    A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMLink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified…

  • CVE-2026-4681 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.01

    A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0,…

  • CVE-2024-40395 · Aug 27, 2024
    risk 0.00 · cvss · epss 0.01

    An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.

  • CVE-2023-4296 · Aug 29, 2023
    risk 0.00 · cvss · epss 0.01

    If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.

  • CVE-2023-31200 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.00

    PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.

  • CVE-2023-29502 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.01

    Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.

  • CVE-2023-27881 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.01

    A user could use the “Upload Resource” functionality to upload files to any location on the disk.

  • CVE-2023-29152 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.00

    By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.

  • CVE-2023-24476 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.00

    An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

  • CVE-2023-29168 · Jun 7, 2023
    risk 0.00 · cvss · epss 0.00

    The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.

  • CVE-2022-25251 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a…

  • CVE-2022-25252 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow…

  • CVE-2022-25250 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote…

  • CVE-2022-25249 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read…