CVE-2022-40178


A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files” functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code.


Published: 2022-10-11T11:15:10.590
Last Modified: 2024-11-21T07:21:00.273
Status: Modified
Source: [email protected]
Severity: CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
| Operating System | siemens | desigo_pxm30-1_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | desigo_pxm30-1 | - | No |
| Operating System | siemens | desigo_pxm30.e_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | desigo_pxm30.e | - | No |
| Operating System | siemens | desigo_pxm40-1_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | desigo_pxm40-1 | - | No |
| Operating System | siemens | desigo_pxm40.e_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | desigo_pxm40.e | - | No |
| Operating System | siemens | desigo_pxm50-1_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | desigo_pxm50-1 | - | No |
| Operating System | siemens | desigo_pxm50.e_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | desigo_pxm50.e | - | No |
| Operating System | siemens | pxg3.w100-1_firmware | < 02.20.126.11-37 | Yes |
| Hardware | siemens | pxg3.w100-1 | - | No |
| Operating System | siemens | pxg3.w100-2_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | pxg3.w100-2 | - | No |
| Operating System | siemens | pxg3.w200-1_firmware | < 02.20.126.11-37 | Yes |
| Hardware | siemens | pxg3.w200-1 | - | No |
| Operating System | siemens | pxg3.w200-2_firmware | < 02.20.126.11-41 | Yes |
| Hardware | siemens | pxg3.w200-2 | - | No |
