We are aware of the recently disclosed PTC Axeda agent vulnerabilities (CVE-2022-25247, 25248, 25249, 25250, 25251). We are actively monitoring this serious issue, and we are working to assess any products or services provided by Leica Microsystems that are either directly or indirectly affected by this vulnerability.
At the current time, we have identified SPE, SP5, SP8 and SCN400 as potentially affected. Furthermore, this only affects instruments:
- having currently any network connection, including restricted connections, and
- running pre-2021 version of Axeda RemoteCare.
This software is no longer being used by Leica Microsystems. LMS has retired the software on December 31, 2020.
There are several mitigation options:
- Contact your IT Department to restrict network access to the instrument,
- Contact Leica Service to uninstall Axeda software from your instrument @ @firstname.lastname@example.org
- For additional mitigation please visit: https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
For more information, please review:
Also, we strongly encourage all customers to register their equipment to receive email notifications in the future.