Lucene search
CERTVDECVE-2022-40977HistoryNov 24, 2022 - 10:15 a.m.
CVE-2022-40977
2022-11-2410:15:11
CWE-22
CERTVDE
web.nvd.nist.gov
37
16
cve-2022-40977
pilz pasvisu server
path traversal
vulnerability
zip-slip
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.002
Percentile
54.1%
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). File writes do not affect confidentiality or availability.
Affected configurations
Node
pilzpasvisuRange<1.12.0
Node
pilzpmi_v507_firmwareRange≤1.3.58
pilzpmi_v507Match-
Node
pilzpmi_v512_firmwareRange≤1.3.58
pilzpmi_v512Match-
Node
pilzpmi_v704e_firmwareRange<2.2.0
pilzpmi_v704eMatch-
Node
pilzpmi_v707e_firmwareRange<2.2.0
pilzpmi_v707eMatch-
Node
pilzpmi_v807_firmwareRange<1.6.102
pilzpmi_v807Match-
Node
pilzpmi_v812_firmwareRange<1.6.102
pilzpmi_v812Match-
Node
pilzpmi_v815_firmwareRange<1.6.102
pilzpmi_v815Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pilz | pasvisu | * | cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:* |
| pilz | pmi_v507_firmware | * | cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:* |
| pilz | pmi_v507 | - | cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:* |
| pilz | pmi_v512_firmware | * | cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:* |
| pilz | pmi_v512 | - | cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:* |
| pilz | pmi_v704e_firmware | * | cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:* |
| pilz | pmi_v704e | - | cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:* |
| pilz | pmi_v707e_firmware | * | cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:* |
| pilz | pmi_v707e | - | cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:* |
| pilz | pmi_v807_firmware | * | cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PASvisu",
"vendor": "PILZ",
"versions": [
{
"lessThan": "1.12.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMI v5xx (265507 + 265512)",
"vendor": "PILZ",
"versions": [
{
"lessThanOrEqual": "1.3.58",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMI v7xx (266704 + 266707)",
"vendor": "PILZ",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMI v8xx (266807, 266812, 266815)",
"vendor": "PILZ",
"versions": [
{
"lessThan": "1.6.102",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2022-40977 PILZ: PASvisu and PMI affected by ZipSlip
2022-11-24 09:20:22
prion
prion
Path traversal
2022-11-24 10:15:00
nvd
nvd
CVE-2022-40977
2022-11-24 10:15:11
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.002
Percentile
54.1%
Related for CVE-2022-40977