Lucene search

SiemensCVE-2022-40178

HistoryOct 11, 2022 - 11:15 a.m.

CVE-2022-40178

2022-10-1111:15:10

CWE-79

siemens

web.nvd.nist.gov

vulnerability

desigo

pxm

web application

remote attacker

javascript

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files“ functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code.

Affected configurations

Nvd

Node

siemensdesigo_pxm30-1_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm30-1Match-

Node

siemensdesigo_pxm30.e_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm30.eMatch-

Node

siemensdesigo_pxm40-1_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm40-1Match-

Node

siemensdesigo_pxm40.e_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm40.eMatch-

Node

siemensdesigo_pxm50-1_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm50-1Match-

Node

siemensdesigo_pxm50.e_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm50.eMatch-

Node

siemenspxg3.w100-1_firmwareRange<02.20.126.11-37

AND

siemenspxg3.w100-1Match-

Node

siemenspxg3.w100-2_firmwareRange<02.20.126.11-41

AND

siemenspxg3.w100-2Match-

Node

siemenspxg3.w200-1_firmwareRange<02.20.126.11-37

AND

siemenspxg3.w200-1Match-

Node

siemenspxg3.w200-2_firmwareRange<02.20.126.11-41

AND

siemenspxg3.w200-2Match-

VendorProductVersionCPE
siemensdesigo_pxm30-1_firmware*cpe:2.3:o:siemens:desigo_pxm30-1_firmware:*:*:*:*:*:*:*:*
siemensdesigo_pxm30-1-cpe:2.3:h:siemens:desigo_pxm30-1:-:*:*:*:*:*:*:*
siemensdesigo_pxm30.e_firmware*cpe:2.3:o:siemens:desigo_pxm30.e_firmware:*:*:*:*:*:*:*:*
siemensdesigo_pxm30.e-cpe:2.3:h:siemens:desigo_pxm30.e:-:*:*:*:*:*:*:*
siemensdesigo_pxm40-1_firmware*cpe:2.3:o:siemens:desigo_pxm40-1_firmware:*:*:*:*:*:*:*:*
siemensdesigo_pxm40-1-cpe:2.3:h:siemens:desigo_pxm40-1:-:*:*:*:*:*:*:*
siemensdesigo_pxm40.e_firmware*cpe:2.3:o:siemens:desigo_pxm40.e_firmware:*:*:*:*:*:*:*:*
siemensdesigo_pxm40.e-cpe:2.3:h:siemens:desigo_pxm40.e:-:*:*:*:*:*:*:*
siemensdesigo_pxm50-1_firmware*cpe:2.3:o:siemens:desigo_pxm50-1_firmware:*:*:*:*:*:*:*:*
siemensdesigo_pxm50-1-cpe:2.3:h:siemens:desigo_pxm50-1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	desigo_pxm30-1_firmware	*	cpe:2.3:o:siemens:desigo_pxm30-1_firmware::::::::
siemens	desigo_pxm30-1	-	cpe:2.3:h:siemens:desigo_pxm30-1:-:::::::*
siemens	desigo_pxm30.e_firmware	*	cpe:2.3:o:siemens:desigo_pxm30.e_firmware::::::::
siemens	desigo_pxm30.e	-	cpe:2.3:h:siemens:desigo_pxm30.e:-:::::::*
siemens	desigo_pxm40-1_firmware	*	cpe:2.3:o:siemens:desigo_pxm40-1_firmware::::::::
siemens	desigo_pxm40-1	-	cpe:2.3:h:siemens:desigo_pxm40-1:-:::::::*
siemens	desigo_pxm40.e_firmware	*	cpe:2.3:o:siemens:desigo_pxm40.e_firmware::::::::
siemens	desigo_pxm40.e	-	cpe:2.3:h:siemens:desigo_pxm40.e:-:::::::*
siemens	desigo_pxm50-1_firmware	*	cpe:2.3:o:siemens:desigo_pxm50-1_firmware::::::::
siemens	desigo_pxm50-1	-	cpe:2.3:h:siemens:desigo_pxm50-1:-:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Desigo PXM30-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM30.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM40-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM40.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM50-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM50.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W100-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-37",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W100-2",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W200-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-37",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W200-2",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-360783.pdf

Social References

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Related for CVE-2022-40178