Vulnerability Management, Patch/Configuration Management

Maximum severity PTC license server bug fixed


Major product lifecycle management software provider PTC has released a fix for a maximum severity vulnerability impacting a license server of its widely used Creo Elements/Direct modeling CAD software, tracked as CVE-2024-6071, reports SecurityWeek.

There has been no evidence of active exploitation of the security issue, which was identified and reported by Siemens Energy researcher Thomas Riedmaier and could potentially be used for unauthenticated command execution on systems, especially those belonging to the critical manufacturing industry.

Access to the organization's network is crucial to abusing the flaw because the affected license server is usually not accessible via the internet, according to Riedmaier, who was able to obtain sensitive data and separated network access after leveraging an exploit against a Windows-based PTC license server installation that accommodated various services and featured multiple network connections. Riedmaier also praised PTC's immediate vulnerability response efforts.
