CVE-2022-40182

🗓️ 11 Oct 2022 00:00:00Reported by siemensType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 50 Views

Vulnerability in Desigo PXM/40/50-1/50.E, PXG3.W100/200-1/2 (V02.20.126.11-41). Embedded browser launched as root with "--no-sandbox" allows arbitrary JavaScript code execution

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2022-40182	11 Oct 202211:15	–	attackerkb
Circl	CVE-2022-40182	11 Oct 202214:25	–	circl
CNNVD	多款Siemens产品安全漏洞	11 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-40182	11 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-43485	3 Oct 202520:07	–	euvd
ICS	Siemens Desigo PXM Devices	11 Oct 202200:00	–	ics
NVD	CVE-2022-40182	11 Oct 202211:15	–	nvd
Prion	Design/Logic Flaw	11 Oct 202211:15	–	prion
RedhatCVE	CVE-2022-40182	23 May 202500:39	–	redhatcve
Tenable Nessus	Siemens Desigo PXM Devices Execution with Unnecessary Privileges (CVE-2022-40182)	25 Jan 202300:00	–	nessus

NVD

Node

siemens desigo_pxm30-1_firmwareRange<02.20.126.11-41

AND

siemens desigo_pxm30-1Match-

Node

siemens desigo_pxm30.e_firmwareRange<02.20.126.11-41

AND

siemens desigo_pxm30.eMatch-

Node

siemens desigo_pxm40-1_firmwareRange<02.20.126.11-41

AND

siemens desigo_pxm40-1Match-

Node

siemens desigo_pxm40.e_firmwareRange<02.20.126.11-41

AND

siemens desigo_pxm40.eMatch-

Node

siemens desigo_pxm50-1_firmwareRange<02.20.126.11-41

AND

siemens desigo_pxm50-1Match-

Node

siemens desigo_pxm50.e_firmwareRange<02.20.126.11-41

AND

siemens desigo_pxm50.eMatch-

Node

siemens pxg3.w100-1_firmwareRange<02.20.126.11-37

AND

siemens pxg3.w100-1Match-

Node

siemens pxg3.w100-2_firmwareRange<02.20.126.11-41

AND

siemens pxg3.w100-2Match-

Node

siemens pxg3.w200-1_firmwareRange<02.20.126.11-37

AND

siemens pxg3.w200-1Match-

Node

siemens pxg3.w200-2_firmwareRange<02.20.126.11-41

AND

siemens pxg3.w200-2Match-

[
  {
    "vendor": "Siemens",
    "product": "Desigo PXM30-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM30.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM40-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM40.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM50-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM50.E",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W100-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-37",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W100-2",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W200-1",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-37",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "PXG3.W200-2",
    "versions": [
      {
        "version": "All versions < V02.20.126.11-41",
        "status": "affected"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-360783.pdf

21 Nov 2024 07:21Current

8.5High risk

Vulners AI Score8.5

CVSS 3.18.8

EPSS0.00598

CWE-250