CNVD-2022-91640 | China National Vulnerability Database (CNVD)
History: Oct 13, 2022 - 12:00 a.m.

Multiple Siemens Products Operating System Command Injection Vulnerabilities

2022-10-13 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
siemens
desigo px
command injection
vulnerability
operating system
remote attacker
root privileges
restore operations

EPSS: 0.002 (Low), percentile 54.9%

Siemens Desigo PX is a building automation control system from Siemens (Germany). Multiple Siemens products are affected by an operating system command injection vulnerability. The flaw stems from incorrect neutralization of special elements used in OS commands that run with root privileges during restore operations. A remote attacker with low privileges can exploit it by restoring a specially crafted package, which executes arbitrary system commands with root privileges on the device.
