PILZ: Multiple products affected by ZipSlip
CVE-2022-40976

5.5MEDIUM

Key Information:

Vendor: Pilz
Status: Pascal; Pasconnect; Pasmotion; Pnozmulti Configurator
Vendor: CVE Published:; 24 November 2022

What is CVE-2022-40976?

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PAS4000 1.0.0 < 1.25.0

PAScal 1.0.0 <= 1.9.1

PASconnect 1.0.0 < 1.4.0

References

https://cert.vde.com/en/advisories/VDE-2022-044/

https://cert.vde.com/en/advisories/VDE-2022-045/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 24, 2022
Vulnerability Reserved
Sep 19, 2022

JSON

Pilz

What is CVE-2022-40976?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.