CVE-2023-29445 - OpenCVE

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ptc	Thingworx Kepware Server Kepware Kepserverex Thingworx Industrial Connectivity

Configuration 1 [-]

cpe:2.3:a:ptc:kepware_kepserverex:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03	Third Party Advisory US Government Resource
https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/	Third Party Advisory
https://www.ptc.com/en/support/article/cs399528	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Dragos

Published: 2024-01-10T20:17:12.837Z

Updated: 2024-01-10T20:17:12.837Z

Reserved: 2023-04-06T17:45:40.441Z

Link: CVE-2023-29445

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-10T21:15:08.410

Modified: 2024-01-19T19:37:50.090

Link: CVE-2023-29445

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-29445", "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef", "state": "PUBLISHED", "assignerShortName": "Dragos", "dateReserved": "2023-04-06T17:45:40.441Z", "datePublished": "2024-01-10T20:17:12.837Z", "dateUpdated": "2024-01-10T20:17:12.837Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Kepware KEPServerEX", "vendor": "PTC", "versions": [{"lessThanOrEqual": "6.14.263.0", "status": "affected", "version": "0", "versionType": "0"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "ThingWorx Kepware Server", "vendor": "PTC", "versions": [{"lessThanOrEqual": "6.14.263.0", "status": "affected", "version": "0", "versionType": "0"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "ThingWorx Industrial Connectivity", "vendor": "PTC", "versions": [{"lessThanOrEqual": "8.5", "status": "affected", "version": "8.0", "versionType": "0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sam Hanson of Dragos"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."}], "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef", "shortName": "Dragos", "dateUpdated": "2024-01-10T20:17:12.837Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"}, {"tags": ["vendor-advisory"], "url": "https://www.ptc.com/en/support/article/cs399528"}, {"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"}], "source": {"discovery": "EXTERNAL"}, "title": "Uncontrolled Search Path Element in PTC's Kepware KEPServerEX", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE266C92-959F-41CE-A8DA-DC3D336BC169", "versionEndIncluding": "6.14.263.0", "versionStartIncluding": "6.0.2107.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "99455409-195C-418C-A227-E9C67E70C2F3", "versionEndIncluding": "6.14.263.0", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*", "matchCriteriaId": "10F80877-E2FA-4800-B4EB-BC87E35A9441", "versionEndIncluding": "8.5", "versionStartIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada (secuestro de DLL) que podr\u00eda permitir a un adversario autenticado localmente escalar privilegios a SYSTEM."}], "id": "CVE-2023-29445", "lastModified": "2024-01-19T19:37:50.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ot-cert@dragos.com", "type": "Secondary"}]}, "published": "2024-01-10T21:15:08.410", "references": [{"source": "ot-cert@dragos.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"}, {"source": "ot-cert@dragos.com", "tags": ["Third Party Advisory"], "url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"}, {"source": "ot-cert@dragos.com", "tags": ["Vendor Advisory"], "url": "https://www.ptc.com/en/support/article/cs399528"}], "sourceIdentifier": "ot-cert@dragos.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "ot-cert@dragos.com", "type": "Secondary"}]}