3 matches found
Siemens Desigo PXC and DXR Devices Failure to Sanitize Special Elements Into a Different Plane (CVE-2022-24039)
A vulnerability has been identified in Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The addCell JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such th...
CVE-2022-24039
creationtimestamp| type| source ---|---|--- 2022-05-10 14:43:05+00:00| seen| https://t.me/cibsecurity/42229...
CVE-2022-24039
The CVE-2022-24039 vulnerability affects Siemens Desigo PXC4 (pre-2.20.142.10-10884) and Desigo PXC5 (pre-2.20.142.10-10884). The addCell JavaScript function does not properly sanitize user-controlled input when building the XML for XLS reports, allowing injection of arbitrary content (e.g., XML ...