CVE-2023-29445: 
PTC KEPServerEX vulnerability analysis and mitigation

An uncontrolled search path element vulnerability (DLL hijacking) was discovered in PTC's KEPServerEX software that affects versions 6.14.263.0 and prior, ThingWorx Kepware Server version 6.14.263.0 and prior, and ThingWorx Industrial Connectivity versions 8.0 to 8.5. The vulnerability was assigned CVE-2023-29445 and could allow a locally authenticated adversary to escalate privileges to SYSTEM level (NIST NVD, CISA Advisory).

The vulnerability is classified as an uncontrolled search path element (CWE-427) affecting the KEPServerEX binary. It received a CVSS v3.1 base score of 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically relates to DLL search order hijacking, where a locally authenticated user could exploit the system by placing a malicious DLL in a specific directory (NIST NVD, Dragos Advisory).

Successful exploitation of this vulnerability could allow an attacker to escalate privileges to SYSTEM level, potentially gaining complete control over the affected system. This poses a significant risk to industrial automation control platforms where KEPServerEX is deployed (CISA Advisory).

PTC developed patches to address this vulnerability, with fixes expected to be released by November 2023. In the interim, users are advised to follow PTC's secure configuration documentation and implement CISA's recommended defensive measures, including minimizing network exposure, using firewalls to isolate control system networks from business networks, and employing secure remote access methods like VPNs when necessary (CISA Advisory).