July 2, 2024 at 02:54PM
CISA and PTC reported a critical flaw in an industrial computer-aided design software server (CVE-2024-6071), exposing systems to unauthorized remote access. A patch has been issued, and operators of affected Creo Elements/Direct License Servers are urged to update immediately. PTC stated that there is no evidence of exploitation in the wild and emphasized that the flaw does not impact the PTC Creo License Server used by global brands.
Key Takeaways from the Meeting Notes:
– CISA and PTC identified a critical flaw in one of PTC’s servers, leaving industrial control systems exposed to the Internet and vulnerable to unauthorized remote access.
– A patch has been issued to address the critical flaw, and operators of affected Creo Elements/Direct License Servers are advised to update immediately.
– The flaw is tracked under CVE-2024-6071 and has been assigned the highest CVSS score of 10.
– PTC reported that the vulnerability does not impact the PTC Creo License Server.
– PTC emphasized that there is currently no evidence of the flaw being exploited in the wild.
– PTC's software is widely used in industrial engineering and manufacturing, with clients including Volvo, Lufthansa, Medtronic, HP, Merck, and GE.