Multiple vulnerabilities in Siemens Desigo PXC and DXR Devices
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2022-24040 CVE-2022-24041 CVE-2022-24042 CVE-2022-24043 CVE-2022-24044 CVE-2022-24045 CVE-2022-24039 CVE-2021-41545 |
| CWE-ID | CWE-400 CWE-916 CWE-613 CWE-203 CWE-307 CWE-614 CWE-20 CWE-248 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Desigo DXR2 Hardware solutions / Routers & switches, VoIP, GSM, etc Desigo PXC3 Hardware solutions / Routers & switches, VoIP, GSM, etc Desigo PXC4 Hardware solutions / Routers & switches, VoIP, GSM, etc Desigo PXC5 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU63056
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24040
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of Password Hash With Insufficient Computational Effort
EUVDB-ID: #VU63061
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24041
CWE-ID:
CWE-916 - Use of Password Hash With Insufficient Computational Effort
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the web application stores the PBKDF2 derived key of users passwords with a low iteration count. A remote user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficient Session Expiration
EUVDB-ID: #VU63064
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24042
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Observable discrepancy
EUVDB-ID: #VU63067
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24043
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to observable discrepancy issue in the login functionality. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Restriction of Excessive Authentication Attempts
EUVDB-ID: #VU63068
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24044
CWE-ID:
CWE-307 - Improper Restriction of Excessive Authentication Attempts
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
EUVDB-ID: #VU63069
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24045
CWE-ID:
CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes. A remote user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU63070
Risk: Medium
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24039
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to the "addCell" JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Uncaught Exception
EUVDB-ID: #VU63071
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-41545
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncaught exception within the BACnet communication function. A remote attacker can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDesigo DXR2: before 01.21.142.5-22
Desigo PXC3: before 01.21.142.4-1
Desigo PXC4: before 02.20.142.10-10884
Desigo PXC5: before 02.20.142.10-10884
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
