OpenCVE

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ptc	Axeda Agent Axeda Desktop Server

Configuration 1 [-]

OR	cpe:2.3:a:ptc:axeda_agent::::::::
	cpe:2.3:a:ptc:axeda_desktop_server::::::windows::*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
https://www.ptc.com/en/support/article/CS363561

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-03-16T14:03:29.947868Z

Updated: 2024-09-17T02:27:58.933Z

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-25247

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-16T15:15:16.400

Modified: 2024-11-21T06:51:52.500

Link: CVE-2022-25247

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Axeda agent", "vendor": "PTC", "versions": [{"status": "affected", "version": "All Versions"}]}, {"product": "Axeda Desktop Server for Windows", "vendor": "PTC", "versions": [{"status": "affected", "version": "All Versions"}]}], "credits": [{"lang": "en", "value": "Yuval Shoshani and Elad Luz of CyberMDX and Vedere Labs reported these vulnerabilities to PTC"}], "datePublic": "2022-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-16T14:03:29", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ptc.com/en/support/article/CS363561"}], "solutions": [{"lang": "en", "value": "PTC recommends the following:\n\nUpgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 when running older versions of the Axeda agent.\nConfigure Axeda agent and Axeda Desktop Server (ADS) to only listen on the local host interface 127.0.0.1. Refer to PTC knowledge article CS360255\nProvide a unique password in the AxedaDesktop.ini file for each unit.\nNever use ERemoteServer in production.\nMake sure to delete ERemoteServer file from host device.\nRemove the installation file, for example: Gateway_vs2017-en-us-x64-pc-winnt-vc14-6.9.3-1051.msi\nWhen running in Windows or Linux, only allow connections to ERemoteServer from trusted hosts and block all others.\nWhen running the Windows operating system, configure Localhost communications (127.0.0.1) between ERemoteServer and Axeda Builder. Refer to PTC knowledge article CS360255\nConfigure the Axeda agent for the authentication information required to log in to the Axeda Deployment Utility. Refer to PTC knowledge article CS360255\nPTC recommends upgrading the Axeda Desktop Server (ADS) to Version 6.9 build 215\n\nThe Axeda agent loopback-only configuration is only available in Version 6.9.1 and above. Hence, upgrading to Axeda agent 6.9.1 or above is required."}], "source": {"advisory": "ICSA-22-067-01", "discovery": "UNKNOWN"}, "title": "PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-03-08T17:50:00.000Z", "ID": "CVE-2022-25247", "STATE": "PUBLIC", "TITLE": "PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Axeda agent", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}, {"product_name": "Axeda Desktop Server for Windows", "version": {"version_data": [{"version_affected": "=", "version_value": "All Versions"}]}}]}, "vendor_name": "PTC"}]}}, "credit": [{"lang": "eng", "value": "Yuval Shoshani and Elad Luz of CyberMDX and Vedere Labs reported these vulnerabilities to PTC"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"}, {"name": "https://www.ptc.com/en/support/article/CS363561", "refsource": "MISC", "url": "https://www.ptc.com/en/support/article/CS363561"}]}, "solution": [{"lang": "en", "value": "PTC recommends the following:\n\nUpgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 when running older versions of the Axeda agent.\nConfigure Axeda agent and Axeda Desktop Server (ADS) to only listen on the local host interface 127.0.0.1. Refer to PTC knowledge article CS360255\nProvide a unique password in the AxedaDesktop.ini file for each unit.\nNever use ERemoteServer in production.\nMake sure to delete ERemoteServer file from host device.\nRemove the installation file, for example: Gateway_vs2017-en-us-x64-pc-winnt-vc14-6.9.3-1051.msi\nWhen running in Windows or Linux, only allow connections to ERemoteServer from trusted hosts and block all others.\nWhen running the Windows operating system, configure Localhost communications (127.0.0.1) between ERemoteServer and Axeda Builder. Refer to PTC knowledge article CS360255\nConfigure the Axeda agent for the authentication information required to log in to the Axeda Deployment Utility. Refer to PTC knowledge article CS360255\nPTC recommends upgrading the Axeda Desktop Server (ADS) to Version 6.9 build 215\n\nThe Axeda agent loopback-only configuration is only available in Version 6.9.1 and above. Hence, upgrading to Axeda agent 6.9.1 or above is required."}], "source": {"advisory": "ICSA-22-067-01", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.600Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ptc.com/en/support/article/CS363561"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-25247", "datePublished": "2022-03-16T14:03:29.947868Z", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-09-17T02:27:58.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ptc:axeda_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "A016E65E-5D4E-41FF-8C6A-F14EBAA7D08E", "versionEndExcluding": "6.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:axeda_desktop_server:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9FFDC4DB-DDD1-48DE-9E3D-55D02BEE6EBC", "versionEndExcluding": "6.9.215", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution."}, {"lang": "es", "value": "Axeda agent (Todas las versiones) y Axeda Desktop Server para Windows (Todas las versiones) pueden permitir a un atacante enviar determinados comandos a un puerto espec\u00edfico sin autenticaci\u00f3n. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda permitir a un atacante remoto no autenticado obtener acceso completo al sistema de archivos y la ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2022-25247", "lastModified": "2024-11-21T06:51:52.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-16T15:15:16.400", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.ptc.com/en/support/article/CS363561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ptc.com/en/support/article/CS363561"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}