Saturday, July 13, 2024

Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

HomeCyberSecurityRCE Flaw That Affects Critical Manufacturing

RCE Flaw That Affects Critical Manufacturing

Critical Infrastructure Security

Hackers Have Not Yet Exploited the CVSS 10-Rated Flaw, Says PTC

Patched: RCE Flaw That Affects Critical Manufacturing
Image: Shutterstock

Software maker for critical manufacturing organizations PTC patched a critical flaw that could allow hackers to execute arbitrary commands on a system server, days after the U.S. cybersecurity watchdog published a vulnerability advisory.

See Also: Identity Security Clinic

The product life cycle management solutions provider said the CVSS 10-rated vulnerability affects the license server in its Creo Elements/Direct product, which is a direct modeling CAD software used to create 3D designs.

Hackers can remotely exploit the vulnerability, tracked as CVE-2024-6071, in the license server that exposes a web interface to execute arbitrary commands on the underlying server. They can also move laterally in systems of critical manufacturing as well as global industrial organizations such as Volvo, Lufthansa, Medtronic, HP, Merck and GE, which use the software.

Thomas Riedmaier of Siemens Energy discovered the flaw, which affects versions and earlier.

In an industrial control systems advisory published in late June, the Cybersecurity and Infrastructure Security Agency says the tool is widely used in critical manufacturing.

The impact of the exploitation varies based on where the license server is deployed and what access it provides. PTC said it has “no indication nor has been made aware that this vulnerability has or is being exploited.”

Riedmaier told SecurityWeek that the affected license server is typically not exposed to the internet, so an attacker would need to already have access to an organization’s network to exploit the flaw.

Source link

Bookmark (0)
- Advertisment -spot_img

Most Popular

Sponsored Business

- Advertisment -spot_img