Vendor CVEs
PTC
All CVEs
29 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6071 | PTC | Critical | 0.65 | 10.0 | 0.01 | | Jun 27, 2024 | PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. |
| CVE-2018-17217 | PTC | High | 0.49 | 7.5 | 0.01 | | Oct 1, 2018 | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key. |
| CVE-2024-3951 | PTC | High | 0.46 | 7.1 | 0.00 | | May 8, 2024 | PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. |
| CVE-2018-17216 | PTC | Medium | 0.42 | 6.5 | 0.01 | | Oct 1, 2018 | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users. |
| CVE-2018-17218 | PTC | Medium | 0.35 | 5.4 | 0.01 | | Oct 1, 2018 | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. |
| CVE-2024-6098 | PTC | Medium | 0.34 | 5.3 | 0.00 | | Aug 16, 2024 | When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause… |
| CVE-2026-12569 | PTC | | 0.12 | — | 0.01 | KEV | Jun 18, 2026 | A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified… |
| CVE-2026-4681 | PTC | | 0.00 | — | 0.01 | | Mar 23, 2026 | A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0,… |
| CVE-2024-40395 | PTC | | 0.00 | — | 0.01 | | Aug 27, 2024 | An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. |
| CVE-2023-4296 | PTC | | 0.00 | — | 0.01 | | Aug 29, 2023 | If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. |
| CVE-2023-31200 | PTC | | 0.00 | — | 0.00 | | Jun 7, 2023 | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. |
| CVE-2023-29502 | PTC | | 0.00 | — | 0.01 | | Jun 7, 2023 | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. |
| CVE-2023-27881 | PTC | | 0.00 | — | 0.01 | | Jun 7, 2023 | A user could use the “Upload Resource” functionality to upload files to any location on the disk. |
| CVE-2023-29152 | PTC | | 0.00 | — | 0.00 | | Jun 7, 2023 | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. |
| CVE-2023-24476 | PTC | | 0.00 | — | 0.00 | | Jun 7, 2023 | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. |
| CVE-2023-29168 | PTC | | 0.00 | — | 0.00 | | Jun 7, 2023 | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. |
| CVE-2022-25251 | PTC | | 0.00 | — | 0.02 | | Mar 16, 2022 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a… |
| CVE-2022-25252 | PTC | | 0.00 | — | 0.02 | | Mar 16, 2022 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow… |
| CVE-2022-25250 | PTC | | 0.00 | — | 0.02 | | Mar 16, 2022 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote… |
| CVE-2022-25249 | PTC | | 0.00 | — | 0.02 | | Mar 16, 2022 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read… |
| CVE-2022-25248 | PTC | | 0.00 | — | 0.01 | | Mar 16, 2022 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. |
| CVE-2022-25246 | PTC | | 0.00 | — | 0.02 | | Mar 16, 2022 | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating… |
| CVE-2022-25247 | PTC | | 0.00 | — | 0.04 | | Mar 16, 2022 | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full… |
| CVE-2019-20635 | PTC | | 0.00 | — | 0.01 | | Apr 2, 2020 | codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. |
| CVE-2018-20092 | PTC | | 0.00 | — | 0.02 | | Dec 17, 2018 | PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. |
| CVE-2015-2061 | PTC | | 0.00 | — | 0.04 | | Mar 9, 2015 | Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. |
| CVE-2014-9267 | PTC | | 0.00 | — | 0.03 | | Dec 8, 2014 | Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. |
| CVE-2007-4600 | PTC | | 0.00 | — | 0.00 | | Oct 18, 2007 | The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element. |
| CVE-2006-7037 | PTC | | 0.00 | — | 0.00 | | Feb 23, 2007 | Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with… |