Access7: Supply Chain Vulnerabilities

Overview

Researchers have identified seven vulnerabilities (collectively named Access:7) in PTC's Axeda agent, a remote-access and management component embedded in more than 150 different device models. The majority are medical devices, but devices in the financial, manufacturing and other sectors are also affected.

The vulnerabilities include hard-coded credentials, an unauthenticated command API, and full remote command execution, alongside unauthenticated configuration changes and denial-of-service issues.

Impact

An unauthenticated network-based attacker could remotely execute code, access the file system, or alter system configuration on devices built with PTC Axeda, and could also shut the agent down (denial of service).

Vulnerability Detection

Affected devices can be difficult to identify, because the Axeda agent is a third-party component embedded by the device manufacturer and is not visible from the device's own branding; this highlights the need for a detailed asset inventory that records embedded software components, not just device models. Where vendor information is unavailable, scanning for the Axeda service ports listed under Containment below identifies devices that warrant investigation.

Affected Products

All versions of the Axeda agent prior to 6.9.3, together with the Axeda Desktop Server, as shipped inside devices from the affected manufacturers.
A list of affected device models is published alongside the original research.

Containment, Mitigations & Remediations

As this is a supply chain issue, device owners cannot apply PTC's fix themselves: updated firmware incorporating the patched agent must be provided by each individual device manufacturer, and release timelines will vary by vendor.
Where possible, IoT devices should not be internet facing, and remote access should be controlled through a VPN. Network segmentation limits the blast radius if a device is compromised and also limits who can reach the agent's listening ports in the first place.

Until a vendor update is available, the following TCP ports can be blocked at the network boundary to prevent exploitation. Check first that legitimate remote-servicing workflows do not rely on them, and if they do, allow them only from the management or VPN network. The table covers six of the seven CVEs.

CVE             Port(s)        Description
CVE-2022-25249  56120, 56130   Web server of main agent service
CVE-2022-25250  3011           Main agent service shutdown signal
CVE-2022-25251  3031           Main agent service configuration
CVE-2022-25246  5920, 5820     VNC agent
CVE-2022-25248  3077           Event log, used in deployment configuration
CVE-2022-25247  3076           Code execution and file system access, used in deployment configuration
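As a worked example that ties the detection advice above to this port table (added here; it is not code from the advisory, the researchers, or PTC): the Python below parses nmap greppable output (`-oG`) from an inventory scan, flags hosts with Axeda service ports open, orders the findings by the capability an attacker would gain, and emits nftables rules that drop those ports except from a management/VPN subnet. The scan text, host addresses, the "infusion-pump-09" name, the management subnet, the nftables chain and the triage ordering are all constructed assumptions, not data from the advisory.

```python
"""Flag devices exposing Axeda agent ports in an nmap scan and emit block rules.

Added example, not code from the advisory or from PTC. Assumptions: the
inventory scan is nmap greppable output (-oG); the scan text, host names,
management subnet and nftables chain below are constructed placeholders.
"""
from dataclasses import dataclass

# Port -> (CVE, description), copied from the port table in the advisory.
AXEDA_PORTS = {
    56120: ("CVE-2022-25249", "Web server of main agent service"),
    56130: ("CVE-2022-25249", "Web server of main agent service"),
    3011:  ("CVE-2022-25250", "Main agent service shutdown signal"),
    3031:  ("CVE-2022-25251", "Main agent service configuration"),
    5920:  ("CVE-2022-25246", "VNC agent"),
    5820:  ("CVE-2022-25246", "VNC agent"),
    3077:  ("CVE-2022-25248", "Event log"),
    3076:  ("CVE-2022-25247", "Code execution and file system access"),
}

# Assumed triage order (our choice, not a published severity ranking):
# remote code execution first, then configuration tampering, credential
# exposure, web server, information disclosure, denial of service.
TRIAGE_ORDER = ["CVE-2022-25247", "CVE-2022-25251", "CVE-2022-25246",
                "CVE-2022-25249", "CVE-2022-25248", "CVE-2022-25250"]

# Constructed sample in nmap -oG format (fields are tab separated); the
# addresses and the "infusion-pump-09" name are invented for the example.
SAMPLE_SCAN = (
    "# Nmap 7.93 scan initiated (constructed sample, not a real scan)\n"
    "Host: 10.20.30.5 ()\tStatus: Up\n"
    "Host: 10.20.30.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "3076/open/tcp//unknown///, 3077/open/tcp//unknown///"
    "\tIgnored State: closed (997)\n"
    "Host: 10.20.30.9 (infusion-pump-09)\tPorts: 80/open/tcp//http///, "
    "5920/open/tcp//vnc///, 3011/filtered/tcp//unknown///"
    "\tIgnored State: closed (997)\n"
    "Host: 10.20.30.12 ()\tPorts: 443/open/tcp//https///"
    "\tIgnored State: closed (999)\n"
    "# Nmap done\n"
)


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    cve: str
    description: str


def parse_greppable(text):
    """Yield (host, port, state, proto) for each port entry in nmap -oG text.

    Each port entry has the form port/state/proto/owner/service/rpc/version/;
    entries are separated by ", " (a version string containing ", " would
    confuse this simple split, which is acceptable for a triage script).
    """
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and Status-only lines carry no ports
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            yield host, int(fields[0]), fields[1], fields[2]


def find_axeda_exposure(text):
    """Return Findings for every open TCP Axeda port, worst exposure first.

    Only ports reported "open" count: "filtered" means something in the path
    already blocks the port, which is the mitigation this advisory asks for.
    """
    findings = [
        Finding(host, port, *AXEDA_PORTS[port])
        for host, port, state, proto in parse_greppable(text)
        if proto == "tcp" and state == "open" and port in AXEDA_PORTS
    ]
    findings.sort(key=lambda f: (TRIAGE_ORDER.index(f.cve), f.host, f.port))
    return findings


def nft_block_rules(mgmt_subnet="10.99.0.0/24", chain="inet filter forward"):
    """Emit nftables rules for a segmentation boundary: allow the Axeda ports
    only from the management/VPN subnet, drop them from everywhere else.
    mgmt_subnet and chain are placeholders for the reader's own network."""
    ports = ", ".join(str(p) for p in sorted(AXEDA_PORTS))
    return [
        f"add rule {chain} ip saddr {mgmt_subnet} tcp dport {{ {ports} }} accept",
        f"add rule {chain} tcp dport {{ {ports} }} drop",
    ]


if __name__ == "__main__":
    for f in find_axeda_exposure(SAMPLE_SCAN):
        print(f"{f.host}:{f.port}  {f.cve}  {f.description}")
    print("\n".join(nft_block_rules()))
```

Run it against the output of `nmap -p 3011,3031,3076,3077,5820,5920,56120,56130 -oG scan.gnmap <device subnet>` rather than the constructed sample; a port reported "filtered" is deliberately not flagged, so a host that still shows "open" after the rules are loaded means the boundary device is not on the path to it.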

Indicators of Compromise

No active exploitation had been observed at the time of publication, and no indicators of compromise have been published. Unexpected inbound connections to the ports listed above from sources other than the approved management or VPN network are the most practical event to alert on.

Threat Landscape

Common components such as the Axeda agent give threat actors a way to reach large numbers of devices by compromising a single point in the supply chain. Attacks against Operational Technology (OT) are on the rise as OT becomes more prevalent and more connected.

Access to medical information and the possibility of tampering with test results or device function present the highest risk from these vulnerabilities, but attacks against ATMs, vending machines, barcode scanning systems and industrial manufacturing equipment may also have unintended but direct consequences for individuals.

MITRE ATT&CK Techniques

T1190 – Exploit Public-Facing Application (Enterprise)
T0862 – Supply Chain Compromise (ICS)

Further Information

How Supply Chain Vulnerabilities Can Allow Unwelcomed Access to Medical and IoT Devices

Security vulnerabilities identified in the Axeda agent and Axeda Desktop Server