Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to gain Windows SYSTEM-level code execution on the service host, and may cause the product to crash or leak sensitive information, or allow an attacker to connect to the product without proper authentication.
CVEs (2)
Remediations
- PTC has released the following versions and recommends that users update to them:
  - KEPServerEX should upgrade to v6.15 or later
  - ThingWorx Kepware Server should upgrade to v6.15 or later
  - ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later
  - OPC-Aggregator should upgrade to v6.15 or later
  - ThingWorx Kepware Edge: Upgrade to v1.8 or later
- Refer to the secure configuration guide
- If additional questions remain, please contact PTC Technical Support
- For more information, see PTC's advisory.
Affected Vendors
PTC
Affected Products (8)
- PTC · KEPServerEX: <=v6.14.263.0
- PTC · ThingWorx Kepware Server: <=v6.14.263.0
- PTC · ThingWorx Industrial Connectivity: vers:all/*
- PTC · OPC-Aggregator: <=v6.14
- PTC · ThingWorx Kepware Edge: <=v1.7
- PTC · Rockwell Automation KEPServer Enterprise: <=v6.14.263.0
- PTC · GE Digital Industrial Gateway Server: <=v7.614
- PTC · Software Toolbox TOP Server: <=v6.14.263.0
Affected Sectors
Multiple