Publication Date: 2022-05-10
Last Update: 2022-05-10
Current Version: V1.0
CVSS v3.1 Base Score: 9.0

Affected Product and Versions Remediation
Desigo DXR2:
All versions < V01.21.142.5-22
only affected by CVE-2022-24040, CVE-2022-24041, CVE-2022-24042, CVE-2022-24043, CVE-2022-24044, CVE-2022-24045
Update to V01.21.142.5-22 or later version
Desigo PXC3:
All versions < V01.21.142.4-18
only affected by CVE-2022-24040, CVE-2022-24041, CVE-2022-24042, CVE-2022-24043, CVE-2022-24044, CVE-2022-24045
Update to V01.21.142.4-18 or later version
Desigo PXC4:
All versions < V02.20.142.10-10884
Update to V02.20.142.10-10884 or later version
Desigo PXC5:
All versions < V02.20.142.10-10884
Update to V02.20.142.10-10884 or later version

CVSS v3.1 Base Score 9.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-400: Uncontrolled Resource Consumption

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-916: Use of Password Hash With Insufficient Computational Effort

CVSS v3.1 Base Score 5.3
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-613: Insufficient Session Expiration

CVSS v3.1 Base Score 5.3
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-203: Observable Discrepancy

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE: CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute

https://www.siemens.com/cert/advisories