Creo Elements/Direct License Servers, which enable industrial design and modeling software, are exposed to the Internet, leaving critical infrastructure vulnerable to remote code execution. Days after the Cybersecurity and Infrastructure Security Agency (CISA) and industrial computer-aided design software provider PTC raised the alarm about a critical flaw in one of its servers, a patch has been issued.
First reported on June 25, the critical industrial control systems flaw in one of the engineering and manufacturing software provider’s servers, tracked under CVE-2024-6071, left systems exposed to the Internet and vulnerable to unauthorized remote access. The flaw was assigned the highest CVSS score of 10. Operators of affected Creo Elements/Direct License Servers are advised to update immediately.

PTC's software is used by industrial engineering and manufacturing organizations worldwide, including brands like Volvo, Lufthansa, Medtronic, HP, Merck, and GE.