A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-033/ | Mitigation Third Party Advisory |
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
Summary | A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. |
13 Jan 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
12 Jan 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.2 |
01 Dec 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
Summary | A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. |
30 Nov 2022, 20:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:* cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:* |
|
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-033/ - Mitigation, Third Party Advisory | |
First Time | Pilz pmi V707e, Pilz pasvisu, Pilz pmi V815 Firmware, Pilz pmi V812 Firmware, Pilz pmi V807 Firmware, Pilz pmi V807, Pilz pmi V812, Pilz pmi V512 Firmware, Pilz pmi V507, Pilz pmi V815, Pilz pmi V507 Firmware, Pilz pmi V704e, Pilz, Pilz pmi V704e Firmware, Pilz pmi V512, Pilz pmi V707e Firmware |
24 Nov 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-24 10:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40977
Mitre link : CVE-2022-40977
CVE.ORG link : CVE-2022-40977
Products Affected
pilz
- pmi_v812_firmware
- pmi_v815_firmware
- pmi_v507_firmware
- pmi_v807_firmware
- pmi_v815
- pasvisu
- pmi_v507
- pmi_v707e_firmware
- pmi_v704e
- pmi_v807
- pmi_v812
- pmi_v704e_firmware
- pmi_v512_firmware
- pmi_v512
- pmi_v707e
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')