Security Advisory

PTC’s KEPServerEX Vulnerabilities

DLL Hijacking, UNC Path Injection, Insufficiently Protected Credentials

Risk Information

Possible Threat

| CVE ID | Vulnerability Type | CVSS3 Score | CVSSv3 Vector |
|---|---|---|---|
| CVE-2023-29444 | DLL Hijacking | 7.8 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-29445 | DLL Hijacking | 7.8 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-29446 | UNC Path Injection | 4.7 | AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
| CVE-2023-29447 | Insufficiently Protected Credentials | 5.7 | AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |

Affecting

  • PTC’s KEPServerEX, v6.13.250.0 and prior

Mitigation

PTC plans to release a patch on November 14th, 2023.

07/26/2023