CVE-2022-25248: PTC Axeda agent and Axeda Desktop Server Information Exposure

Remedy

PTC recommends the following: Upgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 when running older versions of the Axeda agent. Configure Axeda agent and Axeda Desktop Server (ADS) to only listen on the local host interface 127.0.0.1. Refer to PTC knowledge article CS360255 Provide a unique password in the AxedaDesktop.ini file for each unit. Never use ERemoteServer in production. Make sure to delete ERemoteServer file from host device. Remove the installation file, for example: Gateway_vs2017-en-us-x64-pc-winnt-vc14-6.9.3-1051.msi When running in Windows or Linux, only allow connections to ERemoteServer from trusted hosts and block all others. When running the Windows operating system, configure Localhost communications (127.0.0.1) between ERemoteServer and Axeda Builder. Refer to PTC knowledge article CS360255 Configure the Axeda agent for the authentication information required to log in to the Axeda Deployment Utility. Refer to PTC knowledge article CS360255 PTC recommends upgrading the Axeda Desktop Server (ADS) to Version 6.9 build 215 The Axeda agent loopback-only configuration is only available in Version 6.9.1 and above. Hence, upgrading to Axeda agent 6.9.1 or above is required.