Vulnerability Monitor

CVE-2022-40977


A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.


Published

2022-11-24T10:15:11.013

Last Modified

2024-11-21T07:22:20.607

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-22

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | pilz | pasvisu | < 1.12.0 | Yes |
| Operating System | pilz | pmi_v507_firmware | ≤ 1.3.58 | Yes |
| Hardware | pilz | pmi_v507 | - | No |
| Operating System | pilz | pmi_v512_firmware | ≤ 1.3.58 | Yes |
| Hardware | pilz | pmi_v512 | - | No |
| Operating System | pilz | pmi_v704e_firmware | < 2.2.0 | Yes |
| Hardware | pilz | pmi_v704e | - | No |
| Operating System | pilz | pmi_v707e_firmware | < 2.2.0 | Yes |
| Hardware | pilz | pmi_v707e | - | No |
| Operating System | pilz | pmi_v807_firmware | < 1.6.102 | Yes |
| Hardware | pilz | pmi_v807 | - | No |
| Operating System | pilz | pmi_v812_firmware | < 1.6.102 | Yes |
| Hardware | pilz | pmi_v812 | - | No |
| Operating System | pilz | pmi_v815_firmware | < 1.6.102 | Yes |
| Hardware | pilz | pmi_v815 | - | No |
