Unauthenticated Remote Attackers Can Execute Arbitrary OS Commands on PTC Creo Elements/Direct License Server
CVE-2024-6071

10 CRITICAL

Key Information:

Vendor: PTC

CVE Published: 27 June 2024

Badges

👾 Exploit Exists
📰 News Worthy

What is CVE-2024-6071?

The vulnerability in PTC Creo Elements/Direct License Server allows unauthenticated remote attackers to interact with the server's web interface. By exploiting this exposure, attackers can execute arbitrary operating system commands, posing a significant risk to server integrity and data security. This vulnerability necessitates immediate attention to prevent potential breaches and unauthorized actions on affected server instances.

Affected Version(s)

Creo Elements/Direct License 0 <= 20.7.0.0

News Articles

Maximum severity PTC license server bug fixed

Major product lifecycle management software provider PTC has released a fix for a maximum severity vulnerability impacting a license server of its widely used Creo Elements/Direct modeling CAD software, tracked as CVE-2024-6071, reports SecurityWeek.

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📰 First article discovered by SC Media
  • 👾 Exploit known to exist
  • Vulnerability published

Credit

Thomas Riedmaier of Siemens Energy reported this vulnerability to PTC.