Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40976

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Published

2022-11-24T10:15:10.530

Last Modified

2024-11-21T07:22:20.460

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-22
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System pilz pas_4000 < 1.25.0 Yes
Hardware pilz pss_4000 - No
Application pliz pascal ≤ 1.9.1 Yes
Application pliz pasconnect < 1.4.0 Yes
Application pliz pasmotion < 1.4.1 Yes
Application pliz pnozmulti_configurator < 10.14.4 Yes
Application pliz pnozmulti_configurator < 11.2.0 Yes
References