CVE-2022-40977

Summary

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Affected Software

VendorProductVersion RangeStatus
PILZPASvisu1.0.0 < 1.12.0affected
PILZPMI v5xx (265507 + 265512)1.0.0 <= 1.3.58affected
PILZPMI v7xx (266704 + 266707)1.0.0 < 2.2.0affected
PILZPMI v8xx (266807, 266812, 266815)1.0.0 < 1.6.102affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References