Details of VAR-202205-0552

ID

VAR-202205-0552

CVE

CVE-2022-24039

TITLE

Siemens' desigo pxc5 firmware and desigo pxc4 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-009474

DESCRIPTION

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator’s workstation. Siemens' desigo pxc5 firmware and desigo pxc4 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Desigo PXC4 building automation controller is designed for HVAC system control. It is a compact device with built-in IOs that can be expanded to your needs with additional TX-IO modules. The Desigo PXC5 is a freely programmable controller for BACnet system-level functions such as alarm routing, system-wide scheduling and trending, and device monitoring

Trust: 2.25

sources: NVD: CVE-2022-24039 // JVNDB: JVNDB-2022-009474 // CNVD: CNVD-2022-36379 // VULMON: CVE-2022-24039

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-36379

AFFECTED PRODUCTS

vendor:	siemens	model:	desigo pxc4	scope:	lt	version:	02.20.142.10-10884	Trust: 1.0
vendor:	siemens	model:	desigo pxc5	scope:	lt	version:	02.20.142.10-10884	Trust: 1.0
vendor:	シーメンス	model:	desigo pxc5	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	desigo pxc4	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	desigo pxc5	scope:	lt	version:	v02.20.142.10-10884	Trust: 0.6
vendor:	siemens	model:	desigo pxc4	scope:	lt	version:	v02.20.142.10-10884	Trust: 0.6

sources: CNVD: CNVD-2022-36379 // JVNDB: JVNDB-2022-009474 // NVD: CVE-2022-24039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24039
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-24039
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-36379
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-2788
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2022-24039
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-24039
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-36379
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-24039
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24039
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-36379 // VULMON: CVE-2022-24039 // JVNDB: JVNDB-2022-009474 // CNNVD: CNNVD-202205-2788 // NVD: CVE-2022-24039

PROBLEMTYPE DATA

problemtype:	CWE-75	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009474 // NVD: CVE-2022-24039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2788

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2788

PATCH

title:	Patch for Siemens Desigo PXC and DXR Devices Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/332611	Trust: 0.6
title:	Siemens Desigo PXC4 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=244007	Trust: 0.6

sources: CNVD: CNVD-2022-36379 // CNNVD: CNNVD-202205-2788

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24039	Trust: 3.9
db:	SIEMENS	id:	SSA-626968	Trust: 3.1
db:	ICS CERT	id:	ICSA-22-132-10	Trust: 1.5
db:	JVN	id:	JVNVU92977068	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009474	Trust: 0.8
db:	CNVD	id:	CNVD-2022-36379	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2349	Trust: 0.6
db:	CS-HELP	id:	SB2022051124	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2788	Trust: 0.6
db:	VULMON	id:	CVE-2022-24039	Trust: 0.1

sources: CNVD: CNVD-2022-36379 // VULMON: CVE-2022-24039 // JVNDB: JVNDB-2022-009474 // CNNVD: CNNVD-202205-2788 // NVD: CVE-2022-24039

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu92977068/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24039	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-10	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-626968.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2349	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-24039/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-10	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051124	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-10	Trust: 0.1

sources: CNVD: CNVD-2022-36379 // VULMON: CVE-2022-24039 // JVNDB: JVNDB-2022-009474 // CNNVD: CNNVD-202205-2788 // NVD: CVE-2022-24039

CREDITS

reported these vulnerabilities to CISA.,Andrea Palanca, of Nozomi Networks

Trust: 0.6

sources: CNNVD: CNNVD-202205-2788

SOURCES

db:	CNVD	id:	CNVD-2022-36379
db:	VULMON	id:	CVE-2022-24039
db:	JVNDB	id:	JVNDB-2022-009474
db:	CNNVD	id:	CNNVD-202205-2788
db:	NVD	id:	CVE-2022-24039

LAST UPDATE DATE

2024-11-23T21:50:29.890000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-36379	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2022-24039	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-009474	date:	2023-08-04T08:29:00
db:	CNNVD	id:	CNNVD-202205-2788	date:	2023-07-03T00:00:00
db:	NVD	id:	CVE-2022-24039	date:	2024-11-21T06:49:42.657

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-36379	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2022-24039	date:	2022-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-009474	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202205-2788	date:	2022-05-10T00:00:00
db:	NVD	id:	CVE-2022-24039	date:	2022-05-10T11:15:08.237