CVE-2023-29444 MEDIUM

CVE-2023-29444: Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

Vendor PTC
Product Kepware KEPServerEX
Weakness CWE-427
Published January 10, 2024
Last update May 14, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.

Key dates

02 Disclosure timeline

January 10, 2024 CVE published
May 14, 2025 Record updated