CVE-2023-29444

Name of the Vulnerable Software and Affected Versions KEPServerEX versions (affected versions not specified) ThingWorx Kepware Server versions (affected versions not specified)

Description The issue is related to an uncontrolled search path element vulnerability, also known as DLL hijacking. This could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, an attacker could host a trojanized version of the software, tricking victims into downloading and installing the malicious version to gain initial access and code execution.

Recommendations For KEPServerEX, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ThingWorx Kepware Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.