CVE-2023-29446: Improper Input Validation in PTC's Kepware KEPServerEX

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-29446

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Improper Input Validation in PTC's Kepware KEPServerEX

Source: NVD (National Vulnerability Database)

Vulnerability Description

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

路径遍历：’\UNCsharename'(WindowsUNC共享)

Source: NVD (National Vulnerability Database)

Vulnerability Title

PTC Kepware KEPServerEX 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PTC Kepware KEPServerEX是美国PTC公司的一个工业自动化数据连接解决方u200bu200b案。 PTC Kepware KepServerEX 6.14.263.0 及之前版本存在安全漏洞，该漏洞源于容易通过恶意项目文件遭受 UNC 路径注入，通过诱骗用户加载项目文件并单击 GUI 中的特定按钮，攻击者可以获得 Windows 用户 NTLMv2 哈希值，并离线破解它们。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
PTC	Kepware KEPServerEX	0 ~ 6.14.263.0	-
PTC	ThingWorx Kepware Server	0 ~ 6.14.263.0	-
PTC	ThingWorx Industrial Connectivity	8.0 ~ 8.5	-

II. Public POCs for CVE-2023-29446

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-29446

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Kepware KEPServerEX

Same vendor: PTC

Same weakness: CWE-40

V. Comments for CVE-2023-29446

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-29446

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-29446

III. Intelligence Information for CVE-2023-29446

IV. Related Vulnerabilities

V. Comments for CVE-2023-29446

Leave a comment