cnvd - China National Vulnerability Database - CNVD-2022-91620
History: Oct 13, 2022 - 12:00 a.m.

Information leakage vulnerability of multiple Siemens products

2022-10-13 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
siemens
desigo px
building automation
information disclosure
vulnerability
file read access
root privileges
remote attacker
sensitive files
device file system
axon language

EPSS

0.001

Percentile

42.1%

Siemens Desigo PX is a building automation control system from Siemens, a German company. The information disclosure vulnerability in several Siemens products arises because the endpoint of the “Operation” web application that interprets and executes Axon language queries allows file read access to the device file system with root privileges. A remote attacker with low privileges can exploit this by supplying specific I/O-related Axon queries to read sensitive files on the device.
