A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-044/ | Vendor Advisory |
https://cert.vde.com/en/advisories/VDE-2022-045/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
13 Jan 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
12 Jan 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
01 Dec 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
30 Nov 2022, 20:20
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-044/ - Vendor Advisory | |
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-045/ - Vendor Advisory | |
First Time |
Pliz pasmotion
Pilz pas 4000 Pliz Pilz pss 4000 Pilz Pliz pasconnect Pliz pascal Pliz pnozmulti Configurator |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:pliz:pnozmulti_configurator:*:*:*:*:-:*:*:* cpe:2.3:a:pliz:pnozmulti_configurator:*:*:*:*:long_term_support:*:*:* cpe:2.3:o:pilz:pas_4000:*:*:*:*:*:*:*:* cpe:2.3:a:pliz:pascal:*:*:*:*:*:*:*:* cpe:2.3:h:pilz:pss_4000:-:*:*:*:*:*:*:* cpe:2.3:a:pliz:pasconnect:*:*:*:*:*:*:*:* cpe:2.3:a:pliz:pasmotion:*:*:*:*:*:*:*:* |
24 Nov 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-24 10:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40976
Mitre link : CVE-2022-40976
CVE.ORG link : CVE-2022-40976
JSON object : View
Products Affected
pilz
- pas_4000
- pss_4000
pliz
- pascal
- pasmotion
- pasconnect
- pnozmulti_configurator
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')