mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
354 lines
11 KiB
JSON
354 lines
11 KiB
JSON
{
|
|
"id": "CVE-2022-40177",
|
|
"sourceIdentifier": "productcert@siemens.com",
|
|
"published": "2022-10-11T11:15:10.533",
|
|
"lastModified": "2024-11-21T07:21:00.130",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the \u201cOperation\u201d web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha identificado una vulnerabilidad en Desigo PXM30-1 (Todas las versiones anteriores a V02.20.126.11-41), Desigo PXM30.E (Todas las versiones anteriores a V02.20.126.11-41), Desigo PXM40-1 (Todas las versiones anteriores a V02.20.126.11-41), Desigo PXM40.E (Todas las versiones anteriores a V02.20.126.11-41), Desigo PXM50-1 (Todas las versiones anteriores a V02. 20.126.11-41), Desigo PXM50.E (Todas las versiones anteriores a V02.20.126.11-41), PXG3.W100-1 (Todas las versiones anteriores a V02.20.126.11-37), PXG3.W100-2 (Todas las versiones anteriores a V02.20.126.11-41), PXG3.W200-1 (Todas las versiones anteriores a V02.20.126.11-37), PXG3.W200-2 (Todas las versiones anteriores a V02.20.126.11-41). Los endpoints de la aplicaci\u00f3n web \"Operaci\u00f3n\" que interpretan y ejecutan consultas en lenguaje Axon permiten el acceso de lectura de archivos al sistema de archivos del dispositivo privilegiado de root. Al suministrar consultas espec\u00edficas de Axon relacionadas con la E/S, un atacante remoto poco privilegiado puede leer archivos confidenciales en el dispositivo"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
|
|
"baseScore": 5.7,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.1,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "productcert@siemens.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:desigo_pxm30-1_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "EA01FD1D-3B4F-44CB-85D5-D88190B264A3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:desigo_pxm30-1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "837673FE-DBBB-496A-8A6F-0C53BC5F2EAD"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:desigo_pxm30.e_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "863709BC-3A74-49E5-80F3-7E0227BD3403"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:desigo_pxm30.e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60A4FA01-FD7F-451F-8BEB-2BF01A2DF9B6"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:desigo_pxm40-1_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "1B63901A-F3B7-4232-973F-7E162608FEA0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:desigo_pxm40-1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DA0AA432-2A2C-4A03-86C5-560592562653"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:desigo_pxm40.e_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "87180ACC-C1ED-4F20-9460-1AFD53D28CA2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:desigo_pxm40.e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A0517B82-90A9-4A0F-8B57-70F2A679DC95"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:desigo_pxm50-1_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "E14C8DD3-9FA4-497F-9F9F-235C8D2DEFA5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:desigo_pxm50-1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0BBE6D5C-A3AF-4191-A283-805B834D9475"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:desigo_pxm50.e_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "663CD9F1-2455-4B73-9081-4FA3A1FD46D3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:desigo_pxm50.e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CECB9D5A-2654-4DE5-91CF-59DB43776FBC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:pxg3.w100-1_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-37",
|
|
"matchCriteriaId": "D5C23DFD-0362-4554-9761-3D684796C0DC"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:pxg3.w100-1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C9805AE4-F07B-45F6-A1DD-53544E8AE681"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:pxg3.w100-2_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "01049ABF-EAD0-4B8D-B54C-3424B435635A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:pxg3.w100-2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4924B858-7BB5-464F-B6E5-133B987FF122"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:pxg3.w200-1_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-37",
|
|
"matchCriteriaId": "5FB1F863-2762-4839-A601-248BC0F8B6D5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:pxg3.w200-1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CCA20E3-2425-4004-801F-46898ACDA2CD"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:pxg3.w200-2_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "02.20.126.11-41",
|
|
"matchCriteriaId": "0903929A-B47C-4E75-A6B6-1DB4B118F64C"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:siemens:pxg3.w200-2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "14AE1458-8F82-4F6D-987D-4F22AF5E8056"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-360783.pdf",
|
|
"source": "productcert@siemens.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-360783.pdf",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |