← Back

CVE-2022-40178

nvd nist
Published: Oct 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files“ functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code.

Affected (10)

Siemens
10 products
Desigo Pxm30 1 Firmware
Desigo Pxm30.e Firmware
Desigo Pxm40 1 Firmware
Desigo Pxm40.e Firmware
Desigo Pxm50 1 Firmware
Desigo Pxm50.e Firmware
Pxg3.w100 1 Firmware
Pxg3.w100 2 Firmware
Pxg3.w200 1 Firmware
Pxg3.w200 2 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desigo Pxm30 1 Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Desigo Pxm30 1
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desigo Pxm30.e Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Desigo Pxm30.e
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desigo Pxm40 1 Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Desigo Pxm40 1
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desigo Pxm40.e Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Desigo Pxm40.e
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desigo Pxm50 1 Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Desigo Pxm50 1
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desigo Pxm50.e Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Desigo Pxm50.e
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pxg3.w100 1 Firmware
Before 02.20.126.11-37
Running on/withPlatform Versions
Siemens
Pxg3.w100 1
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pxg3.w100 2 Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Pxg3.w100 2
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pxg3.w200 1 Firmware
Before 02.20.126.11-37
Running on/withPlatform Versions
Siemens
Pxg3.w200 1
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pxg3.w200 2 Firmware
Before 02.20.126.11-41
Running on/withPlatform Versions
Siemens
Pxg3.w200 2
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: productcert@siemens.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.