1. Home
  2. CVE Database
  3. CVE-2022-40977
HIGH · 7.5

CVE-2022-40977

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes...

Vulnerability Description

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
PilzPasvisu< 1.12.0
PilzPmi V507 Firmware<= 1.3.58
PilzPmi V507-
PilzPmi V512 Firmware<= 1.3.58
PilzPmi V512-
PilzPmi V704E Firmware< 2.2.0
PilzPmi V704E-
PilzPmi V707E Firmware< 2.2.0
PilzPmi V707E-
PilzPmi V807 Firmware< 1.6.102
PilzPmi V807-
PilzPmi V812 Firmware< 1.6.102
PilzPmi V812-
PilzPmi V815 Firmware< 1.6.102
PilzPmi V815-

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2022-40977?

CVE-2022-40977 is a vulnerability with a CVSS score of 7.5 (HIGH). A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes...

How severe is CVE-2022-40977?

CVE-2022-40977 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40977?

Check the references section above for vendor advisories and patch information. Affected products include: Pilz Pasvisu, Pilz Pmi V507 Firmware, Pilz Pmi V507, Pilz Pmi V512 Firmware, Pilz Pmi V512.