CVE-2022-24045
Published on: Not Yet Published
Last Modified on: 06/23/2023 07:48:00 PM UTC
Certain versions of Desigo Dxr2 from Siemens contain the following vulnerability:
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.
- CVE-2022-24045 has been assigned by
productc[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
Siemens - Desigo DXR2 version All versions < V01.21.142.5-22
- Affected Vendor/Software:
Siemens - Desigo PXC3 version All versions < V01.21.142.4-18
- Affected Vendor/Software:
Siemens - Desigo PXC4 version All versions < V02.20.142.10-10884
- Affected Vendor/Software:
Siemens - Desigo PXC5 version All versions < V02.20.142.10-10884
CVSS3 Score: 6.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 4 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
cert-portal.siemens.com application/pdf |
![]() |
Related QID Numbers
- 590968 Siemens Desigo PXC and DXR Devices (Update A) Multiple Vulnerabilities (ICSA-22-132-10) (ssa-662649) (ssa-626968)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware
| Siemens | Desigo Dxr2 | - | All | All | All |
Operating System | Siemens | Desigo Dxr2 Firmware | All | All | All | All |
Hardware
| Siemens | Desigo Pxc3 | - | All | All | All |
Operating System | Siemens | Desigo Pxc3 Firmware | All | All | All | All |
Hardware
| Siemens | Desigo Pxc4 | - | All | All | All |
Operating System | Siemens | Desigo Pxc4 Firmware | All | All | All | All |
Hardware
| Siemens | Desigo Pxc5 | - | All | All | All |
Operating System | Siemens | Desigo Pxc5 Firmware | All | All | All | All |
- cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*:
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-24045 : A vulnerability has been identified in Desigo DXR2 All versions < V01.21.142.5-22 , Desigo PXC3… twitter.com/i/web/status/1… | 2022-05-20 13:19:53 |