PTC

All CVEs

29 total · sorted by risk
  • CVE-2024-6071 · Critical · Jun 27, 2024
    risk 0.65 · cvss 10.0 · epss 0.01

    PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

  • CVE-2018-17217 · High · Oct 1, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.

  • CVE-2024-3951 · High · May 8, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.

  • CVE-2018-17216 · Medium · Oct 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.

  • CVE-2018-17218 · Medium · Oct 1, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.

  • CVE-2024-6098 · Medium · Aug 16, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause…

  • CVE-2026-12569 · KEV · Jun 18, 2026
    risk 0.12 · cvss n/a · epss 0.01

    A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMLink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified…

  • CVE-2026-4681 · Mar 23, 2026
    risk 0.00 · cvss n/a · epss 0.01

    A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0,…

  • CVE-2024-40395 · Aug 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.

  • CVE-2023-4296 · Aug 29, 2023
    risk 0.00 · cvss n/a · epss 0.01

    If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.

  • CVE-2023-31200 · Jun 7, 2023
    risk 0.00 · cvss n/a · epss 0.00

    PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.

  • CVE-2023-29502 · Jun 7, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.

  • CVE-2023-27881 · Jun 7, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A user could use the “Upload Resource” functionality to upload files to any location on the disk.

  • CVE-2023-29152 · Jun 7, 2023
    risk 0.00 · cvss n/a · epss 0.00

    By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.

  • CVE-2023-24476 · Jun 7, 2023
    risk 0.00 · cvss n/a · epss 0.00

    An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

  • CVE-2023-29168 · Jun 7, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.

  • CVE-2022-25251 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a…

  • CVE-2022-25252 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow…

  • CVE-2022-25250 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote…

  • CVE-2022-25249 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.02

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read…

  • CVE-2022-25248 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.01

    When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.

  • CVE-2022-25246 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.02

    Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating…

  • CVE-2022-25247 · Mar 16, 2022
    risk 0.00 · cvss n/a · epss 0.04

    Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full…

  • CVE-2019-20635 · Apr 2, 2020
    risk 0.00 · cvss n/a · epss 0.01

    codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.

  • CVE-2018-20092 · Dec 17, 2018
    risk 0.00 · cvss n/a · epss 0.02

    PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.

  • CVE-2015-2061 · Mar 9, 2015
    risk 0.00 · cvss n/a · epss 0.04

    Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute.

  • CVE-2014-9267 · Dec 8, 2014
    risk 0.00 · cvss n/a · epss 0.03

    Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.

  • CVE-2007-4600 · Oct 18, 2007
    risk 0.00 · cvss n/a · epss 0.00

    The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element.

  • CVE-2006-7037 · Feb 23, 2007
    risk 0.00 · cvss n/a · epss 0.00

    Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with…