cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-24044,https://securityvulnerability.io/vulnerability/CVE-2022-24044,Password Authentication Flaw in Desigo DXR2 and PXC Series by Siemens,"A vulnerability in multiple Desigo products from Siemens allows attackers to exploit weak authentication mechanisms. The affected versions of the Desigo DXR2 and PXC series lack adequate protections against password spraying and credential stuffing attacks. An attacker who has identified valid usernames can gain unauthorized access to accounts by executing targeted login attempts. This poses a significant threat to the security of systems using these products, enabling potential breaches and unauthorized control.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",7.5,HIGH,0.001290000043809414,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-24043,https://securityvulnerability.io/vulnerability/CVE-2022-24043,Username Enumeration Vulnerability in Siemens Desigo Products,"A vulnerability has been identified in Siemens' Desigo product line, affecting multiple versions of the DXR2, PXC3, PXC4, and PXC5 models. The issue arises from improper normalization of response times during login attempts, allowing a remote unauthenticated attacker to distinguish login attempts against existing usernames from those against non-existent ones based on their timing. This enables a username enumeration attack: attackers can ascertain valid usernames and use them in further attacks on the system.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-24045,https://securityvulnerability.io/vulnerability/CVE-2022-24045,Session Cookie Vulnerability in Desigo Products from Siemens,"A vulnerability has been identified in Siemens Desigo products: session cookies are set without security attributes such as 'Secure', 'HttpOnly', or 'SameSite'. This oversight permits the transmission of session cookies over unencrypted HTTP, making it possible for attackers on the network path to intercept and capture them. Setting these attributes on the session cookie is essential to prevent unauthorized access and protect critical information.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-24042,https://securityvulnerability.io/vulnerability/CVE-2022-24042,Session Management Vulnerability in Siemens Desigo Products,"A session management vulnerability in Siemens' Desigo products permits the web application to return an AuthToken that does not expire according to the defined auto logoff delay. This flaw allows attackers who capture the AuthToken to reuse outdated session credentials or session IDs for unauthorized access. Affected versions include Desigo DXR2, PXC3, PXC4, and PXC5, making it critical for users to update to the latest versions to mitigate this risk. For detailed information, refer to the product certification document.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",9.1,CRITICAL,0.001290000043809414,false,,false,false,false,,false,false,2022-05-10T09:46:51.000Z,0
CVE-2022-24041,https://securityvulnerability.io/vulnerability/CVE-2022-24041,Weak Password Storage in Desigo DXR2 and PXC Series by Siemens,"A security issue has been discovered in Siemens Desigo DXR2 and PXC series products, where user password hashes are stored with an insufficient PBKDF2 iteration count. Users with profile access privileges can retrieve the password hashes of other accounts, and the low iteration count makes offline cracking of those hashes feasible. Consequently, plaintext passwords of other users can be exposed, posing a significant risk to the security of user accounts.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-05-10T09:46:49.000Z,0
CVE-2022-24040,https://securityvulnerability.io/vulnerability/CVE-2022-24040,"Denial of Service Vulnerability in Desigo DXR2, PXC3, PXC4, and PXC5 by Siemens","A vulnerability exists in several Desigo products from Siemens, where the web application does not enforce an upper limit on the PBKDF2 key derivation cost factor during account creation or updates. This flaw allows attackers with user profile access to set an excessively high cost factor, leading to significant CPU consumption and potentially causing a denial of service. Such attacks can severely impact system availability and performance.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,false,false,2022-05-10T09:46:48.000Z,0
CVE-2021-41545,https://securityvulnerability.io/vulnerability/CVE-2021-41545,BACnet Communication Disruption in Siemens Desigo Controllers,"A vulnerability exists in Siemens' Desigo controllers, where a specific BACnet protocol packet causes the BACnet communication function to fail. The controller enters an 'out of work' state and may revert to its factory settings, creating potential operational disruptions.",Siemens,"Desigo Dxr2,Desigo Pxc3,Desigo Pxc4,Desigo Pxc5",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2022-05-10T09:46:45.000Z,0
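The three password-handling records above (CVE-2022-24041 insufficient PBKDF2 iterations, CVE-2022-24040 no upper bound on the cost factor, CVE-2022-24043 non-normalized login timing) describe one credential store seen from three sides. The example below, added here and not Siemens code or from the securityvulnerability.io page, models a store hardened against all three: the cost factor is clamped to a policy window instead of trusted, and an unknown username costs the same PBKDF2 work as a real one so response time leaks nothing. The iteration bounds, the sample account and the function names are assumptions chosen for illustration, not the product's real values.

```python
"""Added example: PBKDF2 password store hardened against the weaknesses in
CVE-2022-24041 (iteration floor), CVE-2022-24040 (iteration ceiling) and
CVE-2022-24043 (timing-normalized verification). Not Siemens code; bounds,
account and names are illustrative assumptions."""
import hashlib
import hmac
import os
import time

MIN_ITERATIONS = 100_000    # assumed policy floor, not the product's value
MAX_ITERATIONS = 1_000_000  # assumed policy ceiling
SALT_LEN = 16
DKLEN = 32


def cost_allowed(iterations):
    """True when the cost factor lies inside the policy window."""
    return isinstance(iterations, int) and MIN_ITERATIONS <= iterations <= MAX_ITERATIONS


def hash_password(password, iterations=MIN_ITERATIONS, salt=None):
    """PBKDF2-HMAC-SHA256 with a fresh salt; rejects out-of-policy cost factors."""
    if not cost_allowed(iterations):
        raise ValueError(f"iterations must be in [{MIN_ITERATIONS}, {MAX_ITERATIONS}]")
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, DKLEN)
    return {"salt": salt, "iterations": iterations, "dk": dk}


class UserStore:
    def __init__(self):
        self._users = {}
        # Decoy record: verifying an unknown username runs PBKDF2 against
        # this so the response time does not reveal whether the name exists.
        self._decoy = hash_password(os.urandom(16).hex())

    def create_user(self, username, password, iterations=MIN_ITERATIONS):
        # The cost factor comes from the caller (a profile form in the
        # advisory's case), so it is validated here rather than trusted.
        self._users[username] = hash_password(password, iterations)

    def verify_vulnerable(self, username, password):
        """Early return for unknown users: no PBKDF2 work is done, so the
        reply is measurably faster than for a real user (the CVE-2022-24043 shape)."""
        rec = self._users.get(username)
        if rec is None:
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["iterations"], DKLEN)
        return dk == rec["dk"]

    def verify(self, username, password):
        """Normalized path: always derive a key, always compare in constant time."""
        rec = self._users.get(username)
        known = rec is not None
        if not known:
            rec = self._decoy
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["iterations"], DKLEN)
        match = hmac.compare_digest(dk, rec["dk"])
        # One boolean combine after the expensive work; its cost is
        # nanoseconds against tens of milliseconds of PBKDF2.
        return match and known


def demo_store():
    """Constructed sample account, not a real Desigo user."""
    store = UserStore()
    store.create_user("operator", "correct horse battery staple")
    return store


def median_ms(fn, trials=5):
    samples = []
    for _ in range(trials):
        t0 = time.perf_counter()
        fn()
        samples.append((time.perf_counter() - t0) * 1000)
    samples.sort()
    return samples[len(samples) // 2]


if __name__ == "__main__":
    store = demo_store()
    for label, fn in (("vulnerable", store.verify_vulnerable), ("normalized", store.verify)):
        real = median_ms(lambda: fn("operator", "wrong"))
        fake = median_ms(lambda: fn("nobody", "wrong"))
        print(f"{label:10s} existing user {real:7.2f} ms, unknown user {fake:7.2f} ms")
    try:
        store.create_user("attacker", "x", iterations=50_000_000)
    except ValueError as err:
        print("rejected cost factor:", err)
```

Running the script prints the timing gap the vulnerable path leaks (unknown users answer almost instantly) next to the normalized path, where both cases pay for one PBKDF2 derivation, and shows the oversized cost factor being refused before any key derivation runs.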
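The two session records above are about the same AuthToken cookie: CVE-2022-24045 sets it without Secure, HttpOnly or SameSite, and CVE-2022-24042 keeps it valid past the configured auto logoff delay. The example below is added here and is neither Siemens code nor from the securityvulnerability.io page. It audits the Set-Cookie headers of a raw HTTP response for the missing attributes and pairs that with a server-side session table whose tokens die once idle longer than the logoff delay. The responses, cookie values, the 900-second delay and the fake clock are constructed for illustration.

```python
"""Added example: Set-Cookie attribute audit (CVE-2022-24045) plus a session
table that enforces the auto-logoff delay on the AuthToken (CVE-2022-24042).
Not Siemens code; responses, values, delay and clock are constructed."""
import secrets
import time


def parse_set_cookie(header_value):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: val})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header_value):
    """Findings for one Set-Cookie header; an empty list means the cookie is well-flagged."""
    name, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plaintext HTTP, interceptable on the wire")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script via document.cookie")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("missing or invalid SameSite: attached to cross-site requests")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: modern browsers reject the cookie")
    return name, findings


def audit_response(raw):
    """Audit every Set-Cookie header in a raw HTTP response; returns {cookie_name: findings}."""
    head = raw.split("\r\n\r\n", 1)[0]
    results = {}
    for line in head.split("\r\n")[1:]:
        key, _, val = line.partition(":")
        if key.strip().lower() == "set-cookie":
            name, findings = audit_cookie(val.strip())
            results[name] = findings
    return results


class SessionStore:
    """Tokens expire when idle longer than auto_logoff_delay seconds."""

    def __init__(self, auto_logoff_delay, clock=time.monotonic):
        self.delay = auto_logoff_delay
        self.clock = clock      # injectable so expiry is testable without sleeping
        self._sessions = {}     # token -> (username, last_activity)

    def issue(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, self.clock())
        return token

    def resolve(self, token):
        """Username for a live token, or None; an idle token is deleted, not revived."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, last_activity = entry
        now = self.clock()
        if now - last_activity > self.delay:
            del self._sessions[token]
            return None
        self._sessions[token] = (username, now)
        return username

    def set_cookie_header(self, token):
        return f"AuthToken={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


# Constructed responses: the first has the shape the advisory describes, the second the fix.
VULNERABLE_RESPONSE = "HTTP/1.1 200 OK\r\nSet-Cookie: AuthToken=deadbeef0001; Path=/\r\n\r\n"
HARDENED_RESPONSE = ("HTTP/1.1 200 OK\r\n"
                     "Set-Cookie: AuthToken=deadbeef0001; Path=/; Secure; HttpOnly; SameSite=Strict\r\n\r\n")


class FakeClock:
    """Manual clock so the demonstration can advance time explicitly."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


if __name__ == "__main__":
    for label, resp in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp))
    clock = FakeClock()
    store = SessionStore(auto_logoff_delay=900, clock=clock)  # 15 minutes, assumed
    token = store.issue("operator")
    print("fresh token resolves to", store.resolve(token))
    clock.now += 901
    print("after the logoff delay resolves to", store.resolve(token))
    print("replay of the expired token resolves to", store.resolve(token))
```

The audit is deliberately strict: a missing SameSite is reported even though browsers now default to Lax, because a controller that relies on the default is one browser setting away from the cross-site case. The session table deletes an idle token on first rejection so that a captured AuthToken replayed after the delay fails the same way on every later attempt.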