CNVD-2022-91617 (China National Vulnerability Database)
Oct 13, 2022 - 12:00 a.m.

Cross-site Request Forgery Vulnerability in Import Files Function of Multiple Siemens Products

2022-10-13 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
siemens
cross-site request forgery
vulnerability
import files
desigo px
building automation
control system
web application
remote attacker
unauthenticated
javascript code
cnvd

EPSS: 0.001 (Low)
Percentile: 32.4%

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site request forgery vulnerability exists in several Siemens products. It stems from a lack of validation of anti-CSRF tokens or other source checks in the Import Files feature of the “Operation” web application. An unauthenticated remote attacker could trick a victim into accessing a specially crafted web page while logged into the device’s web application, which could result in arbitrary JavaScript code being permanently uploaded and executed.
