Siemens products code execution | CVE-2022-40181
NAME
Siemens products code execution
- Platforms Affected:
  - Siemens Desigo PXM30-1 02.20.126.11-40
  - Siemens Desigo PXM30.E 02.20.126.11-40
  - Siemens Desigo PXM40-1 02.20.126.11-40
  - Siemens Desigo PXM40.E 02.20.126.11-40
  - Siemens Desigo PXM50-1 02.20.126.11-40
  - Siemens Desigo PXM50.E 02.20.126.11-40
  - Siemens PXG3.W100-1 02.20.126.11-35
  - Siemens PXG3.W100-2 02.20.126.11-35
  - Siemens PXG3.W200-1 02.20.126.11-35
  - Siemens PXG3.W200-2 02.20.126.11-35
- Risk Level: 8.3
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
Siemens products could allow a remote authenticated attacker to execute arbitrary code on the system. The flaw is caused by the way the device-embedded browser handles alternative URI schemes when web application code redirects it to resources that use such schemes. By setting the homepage URI, setting the favorite URIs, or redirecting embedded browser users to alternative-scheme resources via JavaScript, an attacker could exploit this vulnerability to execute arbitrary code on the system, manipulate information on the screen, or cause a denial of service.
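The mitigation pattern the description implies is a navigation policy on the embedded browser: any URI that reaches it, whether from a configured homepage, a favorite entry, or a script-driven redirect, is accepted only if it uses an expected web scheme and names a host. The following is an added illustration written for this page, not Siemens code and not derived from the advisory; the allowed-scheme set, the function names and the sample URIs are assumptions. It goes slightly beyond the text by also handling scheme-less strings, mixed-case schemes and leading whitespace or control characters, which browsers normalise before parsing.

```python
from urllib.parse import urlsplit

# Assumed policy for this example: the embedded browser should only ever
# navigate to ordinary web resources, so everything else is refused.
ALLOWED_SCHEMES = {"http", "https"}


def is_allowed_navigation(uri: str) -> bool:
    """Return True only for absolute http(s) URIs that name a host.

    Rejects alternative schemes (file:, data:, custom app schemes, ...),
    scheme-less strings, and values that try to disguise the scheme with
    surrounding whitespace or embedded control characters.
    """
    if not isinstance(uri, str) or not uri:
        return False
    # Browsers strip leading/trailing whitespace and ASCII control characters
    # before parsing; normalise the same way so "  file:///..." is not treated
    # as a harmless relative path by a naive check.
    cleaned = "".join(
        ch for ch in uri.strip() if ord(ch) > 0x1F and ch != "\x7f"
    )
    parts = urlsplit(cleaned)
    # urlsplit lower-cases the scheme, so "HTTPS://..." compares correctly.
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # "https:///path" parses with an empty netloc; require a real host.
    if not parts.netloc or not parts.hostname:
        return False
    return True


def filter_favorites(uris):
    """Split a configured favorite/homepage list into accepted and rejected entries.

    A device applying this policy would persist only the accepted list and
    log the rejected one for the administrator to review.
    """
    accepted, rejected = [], []
    for u in uris:
        (accepted if is_allowed_navigation(u) else rejected).append(u)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample configuration, not data from any real device.
    sample = [
        "https://bms.example.internal/dashboard",
        "HTTP://Bms.Example.Internal:8080/alarms",
        "file:///etc/hostname",
        "  data:text/html,hello",
        "custom-app://open",
        "bms.example.internal/dashboard",
    ]
    ok, bad = filter_favorites(sample)
    print("accepted:", ok)
    print("rejected:", bad)
```

The same `is_allowed_navigation` check belongs on the redirect path too: a redirect target that fails it should be dropped rather than followed, and the rejection logged, since a sudden stream of non-http(s) targets is a useful detection signal on an otherwise static building-automation panel.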
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Siemens Security Advisory SSA-360783 for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://cert-portal.siemens.com/productcert/pdf/ssa-360783.pdf
- Reference Link: https://www.cisa.gov/uscert/ics/advisories/icsa-22-286-06