admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-409xx/CVE-2022-40977.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

306 lines
8.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-40977",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-11-24T10:15:11.013",
"lastModified": "2024-11-21T07:22:20.607",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de recorrido de ruta en Pilz PASvisu Server antes de la versi\u00f3n 1.12.0. Un atacante remoto no autenticado podr\u00eda utilizar un archivo de configuraci\u00f3n malicioso comprimido para activar escrituras de archivos arbitrarios (\"zip-slip\"). Las escrituras de archivos no afectan la confidencialidad ni la disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12.0",
"matchCriteriaId": "B10FE820-173A-4103-B00E-D13DB3235ED2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3.58",
"matchCriteriaId": "32E5232D-B387-4A65-BD0B-5F0BBE8DFBB6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1677FF33-C264-4F70-ACE2-442B14C9DD44"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3.58",
"matchCriteriaId": "6CBDC853-67C9-420D-A5B2-3900D73152BE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2D1E52-8D8C-4E7B-B331-CFB88D809C84"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "0F1F7350-B5E0-4E2D-8B98-2618EF22CC42"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B262A-4AFC-4AB2-80E2-A81439E1F56C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "2935B109-B66C-4B05-8641-FB3766BD1927"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68868CD0-7299-4ADE-86BC-370CE78E9E65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.102",
"matchCriteriaId": "D150B08B-7B89-47DF-AE3D-CC8863D59679"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F95BAA0F-813D-4F86-BE5B-AB9C58B01624"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.102",
"matchCriteriaId": "758565BF-4FA2-482C-BF64-A72B3ACD5E97"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9DF671-A70F-4D57-91F4-334B736B8DCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.102",
"matchCriteriaId": "4C7B3023-18D3-4AD0-9FD4-2BD8B883F283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "261C6F11-6A96-4219-9AF8-CF9E9088D469"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-033/",
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-033/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink