CVE-2022-40177

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the “Operation” web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm30-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm30-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm30.e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm30.e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm40-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm40-1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm40.e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm40.e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm50-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm50-1:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm50.e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm50.e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:pxg3.w100-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxg3.w100-1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:pxg3.w100-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxg3.w100-2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:pxg3.w200-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxg3.w200-1:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:pxg3.w200-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxg3.w200-2:-:*:*:*:*:*:*:*

Information

Published : 2022-10-11 04:15

Updated : 2022-10-12 09:42


NVD link : CVE-2022-40177

Mitre link : CVE-2022-40177


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

siemens

  • desigo_pxm40.e_firmware
  • desigo_pxm30-1
  • desigo_pxm50-1
  • desigo_pxm50.e
  • pxg3.w100-2
  • desigo_pxm50-1_firmware
  • desigo_pxm30.e_firmware
  • desigo_pxm40.e
  • pxg3.w100-1
  • pxg3.w200-1_firmware
  • pxg3.w100-2_firmware
  • pxg3.w100-1_firmware
  • pxg3.w200-2
  • desigo_pxm30.e
  • desigo_pxm50.e_firmware
  • desigo_pxm40-1_firmware
  • desigo_pxm30-1_firmware
  • pxg3.w200-2_firmware
  • desigo_pxm40-1
  • pxg3.w200-1