File Read Vulnerability in Siemens Desigo PXM and PXG Series
CVE-2022-40177

5.7MEDIUM

Key Information:

Vendor: Siemens
Status: Desigo Pxm30-1; Desigo Pxm30.e; Desigo Pxm40-1; Desigo Pxm40.e
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-40177?

A vulnerability in the Siemens Desigo PXM and PXG series allows low-privileged remote attackers to execute specific Axon language queries that can read sensitive device files. This flaw grants unauthorized access to the file system, potentially exposing critical data and increasing the risk of further exploitation. Affected versions span multiple models, emphasizing the importance of timely updates to safeguard against possible attacks.

Affected Version(s)

Desigo PXM30-1 All versions < V02.20.126.11-41

Desigo PXM30.E All versions < V02.20.126.11-41

Desigo PXM40-1 All versions < V02.20.126.11-41

References

https://cert-portal.siemens.com/productcert/pdf/ssa-36078...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 8, 2022