Lucene search

[email protected]CVE-2022-40180

HistoryOct 11, 2022 - 11:15 a.m.

CVE-2022-40180

2022-10-1111:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cve

desigo pxm

pxg3

csrf

vulnerability

security

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files“ functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application.

Affected configurations

NVD

Node

siemensdesigo_pxm30-1_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm30-1Match-

Node

siemensdesigo_pxm30.e_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm30.eMatch-

Node

siemensdesigo_pxm40-1_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm40-1Match-

Node

siemensdesigo_pxm40.e_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm40.eMatch-

Node

siemensdesigo_pxm50-1_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm50-1Match-

Node

siemensdesigo_pxm50.e_firmwareRange<02.20.126.11-41

AND

siemensdesigo_pxm50.eMatch-

Node

siemenspxg3.w100-1_firmwareRange<02.20.126.11-37

AND

siemenspxg3.w100-1Match-

Node

siemenspxg3.w100-2_firmwareRange<02.20.126.11-41

AND

siemenspxg3.w100-2Match-

Node

siemenspxg3.w200-1_firmwareRange<02.20.126.11-37

AND

siemenspxg3.w200-1Match-

Node

siemenspxg3.w200-2_firmwareRange<02.20.126.11-41

AND

siemenspxg3.w200-2Match-

CPENameOperatorVersion
siemens:desigo_pxm30-1_firmwaresiemens desigo pxm30-1 firmwarelt02.20.126.11-41

CPE	Name	Operator	Version
siemens:desigo_pxm30-1_firmware	siemens desigo pxm30-1 firmware	lt	02.20.126.11-41

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Desigo PXM30-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM30.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM40-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM40.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM50-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM50.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W100-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-37",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W100-2",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W200-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-37",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W200-2",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  }
]