Weak Password Storage in Desigo DXR2 and PXC Series by Siemens
CVE-2022-24041
Key Information:
- Vendor: Siemens
- CVE Published: 10 May 2022
What is CVE-2022-24041?
A security issue has been discovered in Siemens Desigo DXR2 and PXC series products: user password hashes are stored using PBKDF2 with an insufficient number of iterations. Users with profile access privileges can retrieve the password hashes of other accounts, and the low iteration count makes offline password cracking feasible. As a result, the plaintext passwords of other users can be exposed, posing a significant risk to the security of user accounts.
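
The mitigation side of this weakness, as an added example that is not Siemens code and not part of the original advisory: it audits a credential store for PBKDF2 records below an iteration floor and re-hashes a weak record when its owner next logs in successfully. The record format `pbkdf2_sha256$<iterations>$<salt>$<key>`, the function names, the sample accounts and the 600,000 floor (the OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256) are assumptions; the page does not describe the products' storage format.

```python
import hashlib
import hmac
import os

# Policy floor (assumption): OWASP cheat sheet figure for PBKDF2-HMAC-SHA256.
MIN_ITERATIONS = 600_000


def hash_password(password, iterations=MIN_ITERATIONS, salt=None):
    """Return a record 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>'."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record):
    """Split a record into (iterations, salt, key); reject other schemes."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def audit(store, floor=MIN_ITERATIONS):
    """Return the users whose stored hash uses fewer iterations than floor."""
    return sorted(u for u, rec in store.items() if parse_record(rec)[0] < floor)


def verify_and_upgrade(store, user, password, floor=MIN_ITERATIONS):
    """Check a login; on success, re-hash a weak record at the floor."""
    iterations, salt, expected = parse_record(store[user])
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    if not hmac.compare_digest(dk, expected):  # constant-time comparison
        return False
    if iterations < floor:
        # The plaintext is only available at login, so upgrade here,
        # with a fresh salt and the full iteration count.
        store[user] = hash_password(password, floor)
    return True


# Constructed sample store: one legacy low-cost record, one at the floor.
store = {
    "operator": hash_password("constructed-pass-1", iterations=1_000),
    "admin": hash_password("constructed-pass-2"),
}
```

Accounts that never log in keep their weak record, so the `audit` output is also the list of accounts that need a forced password reset.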

Affected Version(s)
Desigo DXR2 All versions < V01.21.142.5-22
Desigo PXC3 All versions < V01.21.142.4-18
Desigo PXC4 All versions < V02.20.142.10-10884