CVE-2022-40977

{"id": "CVE-2022-40977", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-11-24T10:15:11.013", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-033/", "tags": ["Mitigation", "Third Party Advisory"], "source": "info@cert.vde.com"}, {"url": "https://cert.vde.com/en/advisories/VDE-2022-033/", "tags": ["Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.\n"}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de recorrido de ruta en Pilz PASvisu Server antes de la versi\u00f3n 1.12.0. Un atacante remoto no autenticado podr\u00eda utilizar un archivo de configuraci\u00f3n malicioso comprimido para activar escrituras de archivos arbitrarios (\"zip-slip\"). Las escrituras de archivos no afectan la confidencialidad ni la disponibilidad."}], "lastModified": "2024-11-21T07:22:20.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B10FE820-173A-4103-B00E-D13DB3235ED2", "versionEndExcluding": "1.12.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32E5232D-B387-4A65-BD0B-5F0BBE8DFBB6", "versionEndIncluding": "1.3.58"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1677FF33-C264-4F70-ACE2-442B14C9DD44"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CBDC853-67C9-420D-A5B2-3900D73152BE", "versionEndIncluding": "1.3.58"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8C2D1E52-8D8C-4E7B-B331-CFB88D809C84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F1F7350-B5E0-4E2D-8B98-2618EF22CC42", "versionEndExcluding": "2.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B44B262A-4AFC-4AB2-80E2-A81439E1F56C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2935B109-B66C-4B05-8641-FB3766BD1927", "versionEndExcluding": "2.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68868CD0-7299-4ADE-86BC-370CE78E9E65"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D150B08B-7B89-47DF-AE3D-CC8863D59679", "versionEndExcluding": "1.6.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F95BAA0F-813D-4F86-BE5B-AB9C58B01624"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "758565BF-4FA2-482C-BF64-A72B3ACD5E97", "versionEndExcluding": "1.6.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA9DF671-A70F-4D57-91F4-334B736B8DCC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7B3023-18D3-4AD0-9FD4-2BD8B883F283", "versionEndExcluding": "1.6.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "261C6F11-6A96-4219-9AF8-CF9E9088D469"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}