3 matches found
Siemens Desigo PXC and DXR Devices Insufficient Session Expiration (CVE-2022-24042)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
CVE-2022-24042
CVE-2022-24042 affects Siemens Desigo DXR2, PXC3, PXC4, and PXC5 devices. The vulnerability is that the web application AuthToken does not expire after the defined auto logoff delay, enabling an attacker to capture a token and reuse old session credentials or session IDs for authorization. Affect...