Improper Input Neutralization in Desigo PXM and PXG Products by Siemens
CVE-2022-40178
Key Information:
- Vendor: Siemens
- CVE Published: 11 October 2022
What is CVE-2022-40178?
A vulnerability exists within Siemens Desigo products, specifically in the “Import Files” functionality of the “Operation” web application. This flaw stems from inadequate validation of file titles in the input package, allowing a low-privileged remote attacker to upload a specially crafted graphics package. This can lead to the execution of arbitrary JavaScript code on the affected system, potentially compromising its integrity.
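
The class of defect described above, shown as an added example rather than Siemens code: an import step that checks every file title in a package before storing it, next to the unescaped and escaped ways of rendering a title. The package layout (`files[].title`), the length limit, the allowed character set and all function names are assumptions made for illustration.

```javascript
// Hypothetical import-time validation plus output encoding for file titles.
const TITLE_MAX = 128;                          // assumed limit
const TITLE_ALLOWED = /^[\p{L}\p{N} ._()-]+$/u; // assumed allow-list policy

// Encode the five HTML-significant characters for text and attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns null when the title is acceptable, otherwise the reason it is not.
function titleProblem(title) {
  if (typeof title !== "string") return "not a string";
  if (title.length === 0 || title.length > TITLE_MAX) return "bad length";
  if (!TITLE_ALLOWED.test(title)) return "disallowed characters";
  return null;
}

// Check every entry before anything is stored; one bad title rejects the package.
function validatePackage(pkg) {
  const rejected = [];
  const files = Array.isArray(pkg && pkg.files) ? pkg.files : [];
  files.forEach((f, index) => {
    const reason = titleProblem(f && f.title);
    if (reason) rejected.push({ index, reason });
  });
  return { ok: files.length > 0 && rejected.length === 0, rejected };
}

// Flawed pattern: the title is concatenated into markup as-is,
// so any markup inside it is interpreted by the browser.
function renderRowUnsafe(f) { return "<li>" + f.title + "</li>"; }

// Hardened pattern: encode at output even when import validation exists,
// so records stored before the check was added stay inert.
function renderRowSafe(f) { return "<li>" + escapeHtml(f.title) + "</li>"; }

// Constructed sample packages (not taken from any real product).
const goodPkg = { files: [{ title: "Floor 2 (HVAC).svg" }] };
const badPkg = { files: [{ title: "Plan A" }, { title: "<b>Lobby</b>.svg" }] };

console.log(validatePackage(goodPkg));
console.log(validatePackage(badPkg));
console.log(renderRowUnsafe(badPkg.files[1]));
console.log(renderRowSafe(badPkg.files[1]));
```

Validation at import and encoding at render are independent layers: the first keeps bad titles out of storage, the second keeps any title that is already stored from being parsed as markup.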

Affected Version(s)
Desigo PXM30-1 All versions < V02.20.126.11-41
Desigo PXM30.E All versions < V02.20.126.11-41
Desigo PXM40-1 All versions < V02.20.126.11-41