CVE-2022-40977 PILZ: PASvisu and PMI affected by ZipSlip

🗓️ 24 Nov 2022 09:20:22Reported by CERTVDEType

PILZ PASvisu Server path traversal vul

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2022-40977	24 Nov 202212:28	–	circl
CNNVD	Pilz PASvisu 路径遍历漏洞	24 Nov 202200:00	–	cnnvd
CVE	CVE-2022-40977	24 Nov 202209:20	–	cve
EUVD	EUVD-2022-44223	3 Oct 202520:07	–	euvd
NVD	CVE-2022-40977	24 Nov 202210:15	–	nvd
Prion	Path traversal	24 Nov 202210:15	–	prion
Positive Technologies	PT-2022-25647 · Pilz · Pasvisu Server	24 Nov 202200:00	–	ptsecurity
Vulnrichment	CVE-2022-40977 PILZ: PASvisu and PMI affected by ZipSlip	24 Nov 202209:20	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "PASvisu",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThan": "1.12.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PMI v5xx (265507 + 265512)",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThanOrEqual": "1.3.58",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PMI v7xx (266704 + 266707)",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThan": "2.2.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PMI v8xx (266807, 266812, 266815)",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThan": "1.6.102",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2022-033/

13 Jan 2023 05:59Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.5

EPSS0.00855

CWE-22