1. Home
  2. CVE Database
  3. CVE-2022-40177
MEDIUM · 5.7

CVE-2022-40177

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM4...

Vulnerability Description

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the “Operation” web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SiemensDesigo Pxm30-1 Firmware< 02.20.126.11-41
SiemensDesigo Pxm30-1-
SiemensDesigo Pxm30.E Firmware< 02.20.126.11-41
SiemensDesigo Pxm30.E-
SiemensDesigo Pxm40-1 Firmware< 02.20.126.11-41
SiemensDesigo Pxm40-1-
SiemensDesigo Pxm40.E Firmware< 02.20.126.11-41
SiemensDesigo Pxm40.E-
SiemensDesigo Pxm50-1 Firmware< 02.20.126.11-41
SiemensDesigo Pxm50-1-
SiemensDesigo Pxm50.E Firmware< 02.20.126.11-41
SiemensDesigo Pxm50.E-
SiemensPxg3.W100-1 Firmware< 02.20.126.11-37
SiemensPxg3.W100-1-
SiemensPxg3.W100-2 Firmware< 02.20.126.11-41
SiemensPxg3.W100-2-
SiemensPxg3.W200-1 Firmware< 02.20.126.11-37
SiemensPxg3.W200-1-
SiemensPxg3.W200-2 Firmware< 02.20.126.11-41
SiemensPxg3.W200-2-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2022-40177?

CVE-2022-40177 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM4...

How severe is CVE-2022-40177?

CVE-2022-40177 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40177?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Desigo Pxm30-1 Firmware, Siemens Desigo Pxm30-1, Siemens Desigo Pxm30.E Firmware, Siemens Desigo Pxm30.E, Siemens Desigo Pxm40-1 Firmware.