CVE-2022-40977

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2022-033/ Mitigation Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:*

Information

Published : 2022-11-24 02:15

Updated : 2023-01-12 22:15


NVD link : CVE-2022-40977

Mitre link : CVE-2022-40977


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

pilz

  • pmi_v507_firmware
  • pmi_v707e
  • pmi_v704e
  • pmi_v812_firmware
  • pmi_v812
  • pmi_v815
  • pmi_v512_firmware
  • pmi_v807_firmware
  • pmi_v707e_firmware
  • pmi_v807
  • pasvisu
  • pmi_v815_firmware
  • pmi_v704e_firmware
  • pmi_v507
  • pmi_v512