CVE-2022-25247

Name of the Vulnerable Software and Affected Versions Axeda agent (All versions) Axeda Desktop Server for Windows (All versions)

Description The issue allows an attacker to send certain commands to a specific port without authentication. Successful exploitation could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. The vulnerability is also related to the use of hardcoded credentials during the installation of UltraVNC, which could allow a remote attacker to gain full control over the operating system.

Recommendations For Axeda agent (All versions), consider restricting access to the specific port used by the agent to minimize the risk of exploitation. For Axeda Desktop Server for Windows (All versions), avoid using hardcoded credentials during the installation of UltraVNC until a secure alternative is implemented. As a temporary workaround, consider disabling the UltraVNC installation or restricting its use until the issue is resolved.