CVE-2022-25248 : Security Advisory and Response
Learn about CVE-2022-25248 impacting PTC's Axeda agent and Axeda Desktop Server, exposing event logs via a specific port. Find mitigation steps and upgrade recommendations to enhance security.
This article provides detailed information about CVE-2022-25248, a vulnerability impacting PTC's Axeda agent and Axeda Desktop Server for Windows.
Understanding CVE-2022-25248
CVE-2022-25248 involves the exposure of information when connecting to a specific port using Axeda agent and Axeda Desktop Server for Windows.
What is CVE-2022-25248?
The vulnerability in Axeda agent and Axeda Desktop Server for Windows allows unauthorized access to event logs via a certain port, potentially exposing sensitive information to attackers.
The Impact of CVE-2022-25248
With a CVSS base score of 5.3 (Medium severity), this vulnerability could result in the exposure of confidential information, though it does not impact system availability or integrity.
Technical Details of CVE-2022-25248
Here are the technical specifics regarding the CVE-2022-25248 vulnerability:
Vulnerability Description
When connecting to a specific port, both Axeda agent and Axeda Desktop Server for Windows inadvertently provide access to sensitive event logs.
Affected Systems and Versions
All versions of Axeda agent and Axeda Desktop Server for Windows are affected by this vulnerability.
Exploitation Mechanism
The vulnerability can be exploited by malicious actors connecting to the affected services' exposed port to gain unauthorized access to event log data.
Mitigation and Prevention
To address CVE-2022-25248, users are advised to take the following steps:
Immediate Steps to Take
- Upgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 for older installations
- Configure both Axeda agent and Axeda Desktop Server to listen only on the local host interface (127.0.0.1)
- Implement unique passwords in the AxedaDesktop.ini file for each unit
- Avoid using ERemoteServer in production environments and delete associated files
- Restrict connections to ERemoteServer to trusted hosts
Long-Term Security Practices
- Remove unused installation files
- Implement strict host-based access controls
- Utilize loopback-only configurations for enhanced security
Patching and Updates
Users should upgrade Axeda Desktop Server to Version 6.9 build 215 and ensure that Axeda agent is at version 6.9.1 or above to mitigate the vulnerability.