CVE-2022-40977

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2022-033/	Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-24 10:15

Updated : 2023-11-07 03:52

NVD link : CVE-2022-40977

Mitre link : CVE-2022-40977

CVE.ORG link : CVE-2022-40977

JSON object : View

Products Affected

pilz

pmi_v507
pmi_v512_firmware
pmi_v815_firmware
pmi_v507_firmware
pmi_v704e
pmi_v707e_firmware
pmi_v807
pmi_v812
pmi_v704e_firmware
pmi_v707e
pmi_v807_firmware
pmi_v512
pmi_v812_firmware
pmi_v815
pasvisu

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-40977", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-11-24T10:15:11.013", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-033/", "tags": ["Mitigation", "Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.\n"}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de recorrido de ruta en Pilz PASvisu Server antes de la versi\u00f3n 1.12.0. Un atacante remoto no autenticado podr\u00eda utilizar un archivo de configuraci\u00f3n malicioso comprimido para activar escrituras de archivos arbitrarios (\"zip-slip\"). Las escrituras de archivos no afectan la confidencialidad ni la disponibilidad."}], "lastModified": "2023-11-07T03:52:39.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B10FE820-173A-4103-B00E-D13DB3235ED2", "versionEndExcluding": "1.12.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32E5232D-B387-4A65-BD0B-5F0BBE8DFBB6", "versionEndIncluding": "1.3.58"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1677FF33-C264-4F70-ACE2-442B14C9DD44"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CBDC853-67C9-420D-A5B2-3900D73152BE", "versionEndIncluding": "1.3.58"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8C2D1E52-8D8C-4E7B-B331-CFB88D809C84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F1F7350-B5E0-4E2D-8B98-2618EF22CC42", "versionEndExcluding": "2.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B44B262A-4AFC-4AB2-80E2-A81439E1F56C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2935B109-B66C-4B05-8641-FB3766BD1927", "versionEndExcluding": "2.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68868CD0-7299-4ADE-86BC-370CE78E9E65"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D150B08B-7B89-47DF-AE3D-CC8863D59679", "versionEndExcluding": "1.6.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F95BAA0F-813D-4F86-BE5B-AB9C58B01624"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "758565BF-4FA2-482C-BF64-A72B3ACD5E97", "versionEndExcluding": "1.6.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA9DF671-A70F-4D57-91F4-334B736B8DCC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7B3023-18D3-4AD0-9FD4-2BD8B883F283", "versionEndExcluding": "1.6.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "261C6F11-6A96-4219-9AF8-CF9E9088D469"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}