cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-40176,https://securityvulnerability.io/vulnerability/CVE-2022-40176,Improper Neutralization in Siemens Desigo Products,"A vulnerability exists in Siemens Desigo products that allows for improper neutralization of special elements in an OS command during restoration operations. This weakness stems from inadequate validation of file names within the input package. A remote, low-privileged attacker can exploit this vulnerability by restoring a meticulously crafted package, thereby executing arbitrary system commands with root privileges. This could lead to complete system compromise, making timely remediation essential.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",8,HIGH,0.002219999907538295,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40178,https://securityvulnerability.io/vulnerability/CVE-2022-40178,Improper Input Neutralization in Desigo PXM and PXG Products by Siemens,"A vulnerability exists within Siemens Desigo products, specifically in the “Import Files” functionality of the “Operation” web application. This flaw stems from inadequate validation of file titles in the input package, allowing a low-privileged remote attacker to upload a specially crafted graphics package. This can lead to the execution of arbitrary JavaScript code on the affected system, potentially compromising its integrity.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40182,https://securityvulnerability.io/vulnerability/CVE-2022-40182,Vulnerability in Desigo PXM Series and PXG3 Products by Siemens,"A significant vulnerability has been detected in several Siemens Desigo PXM and PXG3 products due to the embedded Chromium-based browser being executed with root privileges and the 'no-sandbox' option enabled. This configuration allows attackers to inject arbitrary JavaScript into operational graphics, enabling exploitation of various other known vulnerabilities related to the browser. Users are advised to review product documentation and update to the latest versions to mitigate associated risks.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",8.8,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40177,https://securityvulnerability.io/vulnerability/CVE-2022-40177,File Read Vulnerability in Siemens Desigo PXM and PXG Series,"A vulnerability in the Siemens Desigo PXM and PXG series allows low-privileged remote attackers to execute specific Axon language queries that can read sensitive device files. This flaw grants unauthorized access to the file system, potentially exposing critical data and increasing the risk of further exploitation. Affected versions span multiple models, emphasizing the importance of timely updates to safeguard against possible attacks.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",5.7,MEDIUM,0.0012199999764561653,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40179,https://securityvulnerability.io/vulnerability/CVE-2022-40179,Cross-Site Request Forgery in Siemens Desigo Products,"A vulnerability exists in Siemens Desigo products where a Cross-Site Request Forgery flaw allows remote attackers to execute arbitrary Axon queries without authentication. This occurs due to inadequate anti-CSRF token validation in the web application's operation endpoints. Attackers can trick users into clicking on malicious links or visiting crafted web pages while they are logged into the application, thereby compromising the device.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",8.1,HIGH,0.0009599999757483602,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40181,https://securityvulnerability.io/vulnerability/CVE-2022-40181,Vulnerability in Siemens Desigo PXM and PXG Series Products,"A security flaw exists in various Siemens Desigo PXM and PXG series products where the embedded browser inadequately restricts interactions with alternative URI schemes. This vulnerability allows a remote attacker with low privileges to exploit this weakness by manipulating the homepage or redirecting users through JavaScript. As a result, they could read arbitrary files from the device's filesystem, execute malicious JavaScript that compromises user data, or even trigger denial of service conditions, raising serious concerns for system integrity and data privacy.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",8.3,HIGH,0.00203999993391335,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40180,https://securityvulnerability.io/vulnerability/CVE-2022-40180,Cross-Site Request Forgery Vulnerability in Siemens Desigo PXM and PXG Series,"A vulnerability has been found in Siemens Desigo PXM and PXG Series products, specifically in the 'Import Files' function of the 'Operation' web application. It stems from an absence of sufficient validation for anti-CSRF tokens. This flaw allows a remote, unauthenticated attacker to exploit the vulnerability by enticing a user to visit a malicious webpage while logged into the web application. Consequently, the attacker can upload and activate arbitrary JavaScript code on the device, potentially leading to unauthorized actions and compromise of the system.",Siemens,"Desigo Pxm30-1,Desigo Pxm30.e,Desigo Pxm40-1,Desigo Pxm40.e,Desigo Pxm50-1,Desigo Pxm50.e,Pxg3.w100-1,Pxg3.w100-2,Pxg3.w200-1,Pxg3.w200-2",5.3,MEDIUM,0.000750000006519258,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0