2022-034: Multiple Vulnerabilities in PTC Axeda Agent and Axeda Desktop Server Could Allow for Remote Code Execution


MS-ISAC ADVISORY NUMBER:


2022-034


DATE(S) ISSUED:


03/09/2022

OVERVIEW:



Multiple vulnerabilities have been discovered in PTC Axeda Agent and Axeda Desktop Server, the most severe of which could allow for remote code execution. PTC Axeda is a cloud-based remote access solution commonly used for devices within the healthcare industry. Successful exploitation of these vulnerabilities could result in full system access, remote code execution, the ability to read or change configuration, file system read access, log information access, and a denial-of-service condition.





THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.





SYSTEMS AFFECTED:


  • Axeda agent: All versions

  • Axeda Desktop Server for Windows: All versions



RISK:

Government:

  • Large and medium government entities: HIGH

  • Small government: MEDIUM

Businesses:

  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW






TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in PTC Axeda agent and Axeda Desktop Server, the most severe of which could allow for remote code execution. Details of these vulnerabilities are as follows:


  • The affected product uses hard-coded credentials for its UltraVNC installation, which could allow an unauthenticated remote attacker to take control of the host operating system. (CVE-2022-25246)

  • The affected product may allow an attacker to send certain commands to a specific port without authentication, which could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. (CVE-2022-25247)

  • When connecting to a certain port, the affected product supplies the event log of the specific service. (CVE-2022-25248)

  • The affected product (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal which ..
