Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products
01-Mar-23
A number of PTC’s industrial IoT (IIoT) software solutions are vulnerable to two serious security flaws that could allow remote code execution and denial-of-service (DoS) attacks. Chris Anastasio and Steven Seeley of Incite Team found the security flaws and informed PTC about them in late March 2022.
Seeley and Anastasio participated in the 2022 ICS-focused Pwn2Own hacking competition, where they won a total of $80,000 for their exploits, around the same time that the two vulnerabilities were revealed to PTC.
