CVE-2022-40182
N/A
Summary
A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “–no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Desigo PXM30-1 | All versions < V02.20.126.11-41 | affected |
| Siemens | Desigo PXM30.E | All versions < V02.20.126.11-41 | affected |
| Siemens | Desigo PXM40-1 | All versions < V02.20.126.11-41 | affected |
| Siemens | Desigo PXM40.E | All versions < V02.20.126.11-41 | affected |
| Siemens | Desigo PXM50-1 | All versions < V02.20.126.11-41 | affected |
| Siemens | Desigo PXM50.E | All versions < V02.20.126.11-41 | affected |
| Siemens | PXG3.W100-1 | All versions < V02.20.126.11-37 | affected |
| Siemens | PXG3.W100-2 | All versions < V02.20.126.11-41 | affected |
| Siemens | PXG3.W200-1 | All versions < V02.20.126.11-37 | affected |
| Siemens | PXG3.W200-2 | All versions < V02.20.126.11-41 | affected |
Weaknesses
- CWE-250: CWE-250: Execution with Unnecessary Privileges
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.