A collection of seven vulnerabilities was discovered in PTC's Axeda agent. Forescout's Vedere Labs, in collaboration with CyberMDX, found the new vulnerabilities, collectively called Access:7. Axeda is a remote access and management solution found in over 150 connected IoT devices from over 100 vendors.
Three of the flaws were assigned a severity score of at least 9.4 by CISA, which rates them as critical. The issues could be exploited to execute code remotely on devices running a vulnerable version of the Axeda agent.
What is the Axeda platform?
The Axeda platform, developed by Parametric Technology Corporation (PTC), delivers telemetry data from IoT devices on the network. It also supports remote servicing via locally deployed agents.
IoT devices run a diverse set of operating systems, hardware, and software. Customers are typically not permitted to install software, including security agents, on IoT devices. In the case of Access:7, PTC relies on IoT manufacturers to install the Axeda agent before selling their IoT devices to customers, a practice known as original equipment manufacturer (OEM) distribution.
Axeda agents may run on a wide range of connected systems, with equipment in the healthcare industry being particularly widespread, which makes them appealing targets for supply-chain attacks.
Devices and vendors affected by the vulnerabilities
Forescout has compiled a list of more than 100 vendors and 150 Axeda-enabled devices. Using anonymized customer data from the Vedere Labs Global Cyber Intelligence Dashboard, more than 2,000 unique machines running Axeda on their networks were detected.
Axeda was created as a cloud platform for IoT devices; therefore, it can be found in several applications other than healthcare. ATMs, vending machines, cash management systems, label printers, barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and machinery such as industrial cutters are examples of vulnerable devices used in various industries.
The seriousness of the vulnerabilities is highlighted by a complete list of 150+ potentially affected devices from 100+ vendors. Several medical imaging and laboratory devices are included on the list.
The healthcare sector accounts for 55 percent of the 100 affected device vendors, followed by IoT (24 percent), IT (8 percent), financial services (5 percent), and manufacturing (4 percent). In the healthcare industry, 54 percent of customers with Axeda-powered devices have been identified.
The identified flaws are:
- CVE-2022-25246 (CVSS score: 9.8) — Use of hard-coded credentials in the AxedaDesktopServer.exe service, which may allow remote device takeover.
- CVE-2022-25247 (CVSS score: 9.8) — A weakness in ERemoteServer.exe that could be exploited by sending specially crafted commands, leading to remote code execution (RCE) and complete file system access.
- CVE-2022-25251 (CVSS score: 9.8) — Inadequate authentication in the Axeda xGate.exe agent, which could be exploited to change the agent's configuration.
- CVE-2022-25249 (CVSS score: 7.5) — A directory traversal weakness in the Axeda xGate.exe agent that allows a remote unauthenticated attacker to gain file system read access on the web server.
- CVE-2022-25250 (CVSS score: 7.5) — A denial-of-service (DoS) bug in the Axeda xGate.exe agent caused by an undocumented command injection.
- CVE-2022-25252 (CVSS score: 7.5) — A buffer overflow vulnerability in the Axeda xBase39.dll component that could be exploited to cause a denial of service (DoS).
- CVE-2022-25248 (CVSS score: 5.3) — An information disclosure flaw in the ERemoteServer.exe service that allows unauthenticated parties to view the live event text log.
Endnote
Successful exploitation of these flaws could give attackers the ability to remotely execute malicious code. As a result, they could gain full control of devices and sensitive data, as well as the ability to modify configurations and shut down specific services on the impacted devices. All versions of the Axeda Agent before 6.9.3 are vulnerable, and Axeda has published patches to address all vulnerabilities.
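The practical follow-up for a defender is to find every host running an Axeda component older than 6.9.3. The script below is an added example written for this article, not code from Forescout, CyberMDX or PTC: it triages a constructed asset-inventory export, maps the component file names from the CVE list above to their CVEs, and compares versions numerically rather than as strings (so a hypothetical 6.10.x release is not mistaken for an old one). Host names, versions and the inventory format are all assumptions.

```python
"""Flag hosts whose Axeda agent components are older than the patched 6.9.3 release.

Added example for inventory triage; not Forescout's, CyberMDX's or PTC's code.
The inventory rows below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PATCHED_VERSION = "6.9.3"  # per the advisory: all agent versions before 6.9.3 are affected

# Components named in the Access:7 CVE list, mapped to the CVEs that touch them
AFFECTED_COMPONENTS: Dict[str, List[str]] = {
    "AxedaDesktopServer.exe": ["CVE-2022-25246"],
    "ERemoteServer.exe": ["CVE-2022-25247", "CVE-2022-25248"],
    "xGate.exe": ["CVE-2022-25251", "CVE-2022-25249", "CVE-2022-25250"],
    "xBase39.dll": ["CVE-2022-25252"],
}


@dataclass
class InventoryRow:
    host: str
    component: str  # file name as reported by the endpoint or asset inventory (assumed field)
    version: str    # dotted version string, e.g. "6.9.2" (assumed field)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.9.3' into (6, 9, 3) so comparison is numeric, not lexical.

    A plain string compare would wrongly rank '6.10.1' below '6.9.3'.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable version: {version!r}")
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True when the reported version sorts before the patched release."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def triage(rows: List[InventoryRow]) -> List[dict]:
    """Return one finding per inventory row that names an affected Axeda
    component at a version older than 6.9.3; other software is ignored."""
    findings = []
    for row in rows:
        cves = AFFECTED_COMPONENTS.get(row.component)
        if cves is None:
            continue  # not one of the Axeda components the advisory names
        if is_vulnerable_version(row.version):
            findings.append({"host": row.host, "component": row.component,
                             "version": row.version, "cves": cves})
    return findings


# Constructed sample inventory: host names and version numbers are made up
SAMPLE_INVENTORY = [
    InventoryRow("imaging-ws-01", "xGate.exe", "6.9.2"),             # vulnerable
    InventoryRow("imaging-ws-02", "xGate.exe", "6.9.3"),             # patched
    InventoryRow("lab-analyzer-07", "ERemoteServer.exe", "6.8.0"),   # vulnerable
    InventoryRow("atm-kiosk-12", "AxedaDesktopServer.exe", "6.10.1"), # hypothetical newer build
    InventoryRow("file-server-03", "notepad.exe", "1.0"),            # unrelated software
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']}: {f['component']} {f['version']} -> {', '.join(f['cves'])}")
```

Feeding a real export into `triage` only requires mapping its columns onto `InventoryRow`; the version parser deliberately raises on values it cannot interpret rather than silently treating them as patched.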
Stay up to date on the latest in cybersecurity by following us on LinkedIn and subscribing to our newsletters.