5 matches found

BDU FSTEC
added 2022/05/18 12:0 a.m. · 4 views

A vulnerability in the AddCell function of the web server in the firmware of the Desigo PXC4 and PXC5 building automation modules allows an attacker to execute arbitrary code by injecting specially crafted XML into the XLS report file.

The vulnerability in the AddCell function of the web server in the firmware of the Desigo PXC4 and PXC5 building automation modules is related to improper neutralization of special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

CVSS 9 · AI score 8.1 · EPSS 0.0177
Exploits 0 · References 3 · Affected Software 2

OSV
added 2022/05/10 11:15 a.m. · 3 views

CVE-2022-24039

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The "addCell" JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such...

CVSS 9 · AI score 7.4
Exploits 0 · References 1

ATTACKERKB
added 2022/05/10 11:15 a.m. · 1 views

CVE-2022-24042

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto...

CVSS 9.1 · AI score 5.4 · EPSS 0.00899
Exploits 0 · References 2

Positive Technologies
added 2022/05/10 12:0 a.m. · 5 views

PT-2022-2567 · Siemens · Desigo Pxc4 +1

Name of the Vulnerable Software and Affected Versions: Desigo PXC4 versions prior to V02.20.142.10-10884; Desigo PXC5 versions prior to V02.20.142.10-10884. Description: A vulnerability has been identified in the addCell JavaScript function, which fails to properly sanitize user-controllable input...

CVSS 9 · AI score 9.2 · EPSS 0.0177
Exploits 0 · References 5

Positive Technologies
added 2022/05/10 12:0 a.m. · 5 views

PT-2022-3425 · Siemens · Desigo Pxc4 +3

Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22; Desigo PXC3 versions prior to V01.21.142.4-18; Desigo PXC4 versions prior to V02.20.142.10-10884; Desigo PXC5 versions prior to V02.20.142.10-10884. Description: A vulnerability has been identified i...

CVSS 9.1 · AI score 9.1 · EPSS 0.00899
Exploits 0 · References 5