PTC License Server Bug Needs Immediate Patch Against Critical Flaw

Creo Elements/Direct License Servers, which enable industrial design and modeling software, are exposed to the Internet, leaving critical infrastructure vulnerable to remote code execution.

Dark Reading Staff, Dark Reading

July 2, 2024


Days after the Cybersecurity and Infrastructure Security Agency (CISA) and industrial computer-aided design software provider PTC raised the alarm about a critical flaw in one of its servers, a patch has been issued.

First reported on June 25, the critical industrial control systems flaw in one of the engineering and manufacturing software provider's servers, tracked as CVE-2024-6071, left systems exposed to the Internet and vulnerable to unauthorized remote access. The flaw was assigned the highest CVSS score of 10. Operators of affected Creo Elements/Direct License Servers are advised to update immediately.

PTC noted there is no evidence the flaw has been exploited in the wild. The vulnerability does not impact the PTC Creo License Server, the vendor said.

PTC's software is used by industrial engineering and manufacturing organizations worldwide, including brands like Volvo, Lufthansa, Medtronic, HP, Merck, and GE.
