What is the severity of CVE-2023-29446?

CVE-2023-29446 is classified as a high severity vulnerability due to its potential for remote code execution through malicious project file injection.

How do I fix CVE-2023-29446?

To fix CVE-2023-29446, update to the latest version of PTC KEPServerEX or PTC ThingWorx products as advised by PTC.

What software is affected by CVE-2023-29446?

CVE-2023-29446 affects PTC KEPServerEX, PTC ThingWorx Kepware Server, and PTC ThingWorx Industrial Connectivity within specified version ranges.

What kind of attacks can CVE-2023-29446 lead to?

Exploitation of CVE-2023-29446 can lead to the capture of NTLMv2 hashes, allowing adversaries to potentially crack them offline.

Is there a known exploit for CVE-2023-29446?

As of now, there is no publicly disclosed exploit specifically for CVE-2023-29446, but the vulnerability itself poses serious risks if left unpatched.

Vulnerability/
CVE-2023-29446

medium

4.7

CWE

40 20

10/1/2024

14/11/2024

CVE-2023-29446: Improper Input Validation in PTC's Kepware KEPServerEX

First published: Wed Jan 10 2024(Updated: )

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

Credit: ot-cert@dragos.com

Affected Software	Affected Version	How to fix
Ptc Kepware Server	>=6.0.2107.0<=6.14.263.0
Ptc Kepware Server	>=6.8<=6.14.263.0
PTC ThingWorx Industrial Connectivity	>=8.0<=8.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-29446?
CVE-2023-29446 is classified as a high severity vulnerability due to its potential for remote code execution through malicious project file injection.
How do I fix CVE-2023-29446?
To fix CVE-2023-29446, update to the latest version of PTC KEPServerEX or PTC ThingWorx products as advised by PTC.
What software is affected by CVE-2023-29446?
CVE-2023-29446 affects PTC KEPServerEX, PTC ThingWorx Kepware Server, and PTC ThingWorx Industrial Connectivity within specified version ranges.
What kind of attacks can CVE-2023-29446 lead to?
Exploitation of CVE-2023-29446 can lead to the capture of NTLMv2 hashes, allowing adversaries to potentially crack them offline.
Is there a known exploit for CVE-2023-29446?
As of now, there is no publicly disclosed exploit specifically for CVE-2023-29446, but the vulnerability itself poses serious risks if left unpatched.

agent/type
agent/author
agent/references
agent/severity
agent/title
agent/first-publish-date
agent/event
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ptc
canonical/ptc kepware server
version/ptc kepware server/6.0.2107.0
version/ptc kepware server/6.14.263.0
version/ptc kepware server/6.8
canonical/ptc thingworx industrial connectivity
version/ptc thingworx industrial connectivity/8.0
version/ptc thingworx industrial connectivity/8.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.