4 matches found
Siemens Desigo PXM Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-40177)
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
CVE-2022-40177
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
CVE-2022-40177
CVE-2022-40177 affects Siemens Desigo PXM devices (PXM30-1/30.E/40-1/40.E/50-1/50.E; PXG3.W100-1/2; PXG3.W200-1/2) where the Operation web application Axon interface can read device files with root privileges. The root cause is improper file-system access control via Axon queries, enabling a remo...
Siemens Desigo PXM Devices
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo PXM Devices Vulnerabilities: OS Command Injection, Exposure of Sensitive Information to an Unauthorized Actor, Cross-Site Scripting, Cross-Site Request Forgery, Improper...