PILZ: PASvisu and PMI affected by ZipSlip
CVE-2022-40977

7.5HIGH

Key Information:

Vendor: Pilz
Status: Pasvisu; Pmi V5xx (265507 + 265512); Pmi V7xx (266704 + 266707); Pmi V8xx (266807, 266812, 266815)
Vendor: CVE Published:; 24 November 2022

What is CVE-2022-40977?

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PASvisu 1.0.0 < 1.12.0

PMI v5xx (265507 + 265512) 1.0.0 <= 1.3.58

PMI v7xx (266704 + 266707) 1.0.0 < 2.2.0

References

https://cert.vde.com/en/advisories/VDE-2022-033/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 24, 2022
Vulnerability Reserved
Sep 19, 2022

JSON

Pilz

What is CVE-2022-40977?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.