多款Siemens产品安全漏洞

🗓️ 11 May 2022 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

Siemens Desigo devices PXC3, PXC4, PXC5 and DXR2 have a username enumeration vulnerability.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-24043	20 May 202213:15	–	attackerkb
BDU FSTEC	The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules lies in the exposure to information leakage due to inconsistencies in the system. This allows attackers to gain unauthorized access to protected information.	29 Jun 202200:00	–	bdu_fstec
CNVD	Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37376)	12 May 202200:00	–	cnvd
CVE	CVE-2022-24043	10 May 202209:46	–	cve
Cvelist	CVE-2022-24043	10 May 202209:46	–	cvelist
EUVD	EUVD-2022-28958	3 Oct 202520:07	–	euvd
ICS	Siemens Desigo PXC and DXR Devices	12 May 202200:00	–	ics
NVD	CVE-2022-24043	20 May 202213:15	–	nvd
OSV	CVE-2022-24043	20 May 202213:15	–	osv
Prion	Design/Logic Flaw	20 May 202213:15	–	prion

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
auscert	www.auscert.org.au/bulletins/ESB-2022.2349
us-cert	www.us-cert.cisa.gov/ics/advisories/icsa-22-132-10
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022051124
cxsecurity	www.cxsecurity.com/cveshow/CVE-2022-24043/

23 May 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 25

CVSS 3.15.3

EPSS0.0067

Desigo room automation Building automation controllers Username enumeration vulnerability Siemens Desigo devices Security vulnerability