1. Home
  2. CVE Database
  3. CVE-2022-40180
MEDIUM · 5.3

CVE-2022-40180

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM4...

Vulnerability Description

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files“ functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
SiemensDesigo Pxm30-1 Firmware< 02.20.126.11-41
SiemensDesigo Pxm30-1-
SiemensDesigo Pxm30.E Firmware< 02.20.126.11-41
SiemensDesigo Pxm30.E-
SiemensDesigo Pxm40-1 Firmware< 02.20.126.11-41
SiemensDesigo Pxm40-1-
SiemensDesigo Pxm40.E Firmware< 02.20.126.11-41
SiemensDesigo Pxm40.E-
SiemensDesigo Pxm50-1 Firmware< 02.20.126.11-41
SiemensDesigo Pxm50-1-
SiemensDesigo Pxm50.E Firmware< 02.20.126.11-41
SiemensDesigo Pxm50.E-
SiemensPxg3.W100-1 Firmware< 02.20.126.11-37
SiemensPxg3.W100-1-
SiemensPxg3.W100-2 Firmware< 02.20.126.11-41
SiemensPxg3.W100-2-
SiemensPxg3.W200-1 Firmware< 02.20.126.11-37
SiemensPxg3.W200-1-
SiemensPxg3.W200-2 Firmware< 02.20.126.11-41
SiemensPxg3.W200-2-

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2022-40180?

CVE-2022-40180 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM4...

How severe is CVE-2022-40180?

CVE-2022-40180 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40180?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Desigo Pxm30-1 Firmware, Siemens Desigo Pxm30-1, Siemens Desigo Pxm30.E Firmware, Siemens Desigo Pxm30.E, Siemens Desigo Pxm40-1 Firmware.