Vulnerability in Desigo PXM Series and PXG3 Products by Siemens
CVE-2022-40182

8.8HIGH

Key Information:

Vendor: Siemens
Status: Desigo Pxm30-1; Desigo Pxm30.e; Desigo Pxm40-1; Desigo Pxm40.e
Vendor: CVE Published:; 11 October 2022

Summary

A significant vulnerability has been detected in several Siemens Desigo PXM and PXG3 products due to the embedded Chromium-based browser being executed with root privileges and the 'no-sandbox' option enabled. This configuration allows attackers to inject arbitrary JavaScript into operational graphics, enabling exploitation of various other known vulnerabilities related to the browser. Users are advised to review product documentation and update to the latest versions to mitigate associated risks.

Affected Version(s)

Desigo PXM30-1 All versions < V02.20.126.11-41

Desigo PXM30.E All versions < V02.20.126.11-41

Desigo PXM40-1 All versions < V02.20.126.11-41

References

https://cert-portal.siemens.com/productcert/pdf/ssa-36078...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 8, 2022