This updated advisory is a follow-up to the original advisory titled ICSA-22-242-10 PTC Kepware KEPServerEX that was published August 30, 2022, to the ICS webpage at www.cisa.gov/ics.
Successful exploitation of these vulnerabilities could allow an attacker to crash the device or remotely execute arbitrary code.
The following PTC products are affected by vulnerabilities found in Kepware KEPServerEX, a connectivity platform:
- Kepware KEPServerEX: Versions prior to 6.12
- ThingWorx Kepware Server: Versions prior to 6.12
- ThingWorx Industrial Connectivity: All versions
- OPC-Aggregator: Versions prior to 6.12
- ThingWorx Kepware Edge: Versions 1.4 and prior
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.