Major product lifecycle management software provider PTC has released a fix for a maximum severity vulnerability impacting a license server of its widely used Creo Elements/Direct modeling CAD software, tracked as CVE-2024-6071, reports SecurityWeek.
There has been no evidence suggesting any active exploitation of the security issue, which was identified and reported by Siemens Energy researcher Thomas Riedmaier to be potentially used for unauthenticated command execution in systems, especially those belonging to the critical manufacturing industry.
Organizational network access is crucial in abusing the flaw due to the affected license server usually not accessible via the internet, according to Riedmaier, who was able to obtain sensitive data and separated network access after leveraging an exploit against a Windows-based PTC license server installation that accommodated various services and featured multiple network connections. Immediate vulnerability response efforts from PTC has also been praised by Riedmaier.
