CVE-2022-24044
N/A
N/A
Summary
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Desigo DXR2 | All versions < V01.21.142.5-22 | affected |
| Siemens | Desigo PXC3 | All versions < V01.21.142.4-18 | affected |
| Siemens | Desigo PXC4 | All versions < V02.20.142.10-10884 | affected |
| Siemens | Desigo PXC5 | All versions < V02.20.142.10-10884 | affected |
Weaknesses
- CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.