CVE-2023-29446
Last modified
CVE-2023-29446 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
Metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ptc | Kepware Kepserverex | >= 6.0.2107.0, <= 6.14.263.0 |
| Ptc | Thingworx Kepware Server | >= 6.8, <= 6.14.263.0 |
| Ptc | Thingworx Industrial Connectivity | >= 8.0, <= 8.5 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03Third Party Advisory, US Government Resource
- https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/Third Party Advisory
- https://www.ptc.com/en/support/article/cs399528Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03Third Party Advisory, US Government Resource
- https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/Third Party Advisory
- https://www.ptc.com/en/support/article/cs399528Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-29446?
How severe is CVE-2023-29446?
How do I fix CVE-2023-29446?
Are you affected by CVE-2023-29446?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST