MS VS UNC Path Injection via Malicious Project Captures NTLMv2 Hashes
CVE-2023-29446 Published on January 10, 2024

Improper Input Validation in PTC's Kepware KEPServerEX
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-29446 is exploitable with local system access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is a Windows UNC Share Vulnerability?

An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file.

CVE-2023-29446 has been classified to as a Windows UNC Share vulnerability or weakness.


Products Associated with CVE-2023-29446

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-29446 are published in these products:

Ptc Kepware Kepserverex
 
Ptc Thingworx Kepware Server
 
Ptc Thingworx Industrial Connectivity
 
Microsoft Visual Studio
 

Affected Versions

PTC Kepware KEPServerEX: PTC ThingWorx Kepware Server: PTC ThingWorx Industrial Connectivity:

Exploit Probability

EPSS
0.07%
Percentile
21.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.