MEDIUM🇬🇧 English

CVE-2022-24043

CVSS 5.3v3.1pub. 2022-05-20upd. 2024-11-21

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Siemens Desigo Dxr2

    HW
    Siemens
    wszystkie wersje
  • Siemens Desigo Dxr2 Firmware

    OS
    Siemens
    < 01.21.142.5-22
  • Siemens Desigo Pxc3

    HW
    Siemens
    wszystkie wersje
  • Siemens Desigo Pxc3 Firmware

    OS
    Siemens
    < 01.21.142.4-18
  • Siemens Desigo Pxc4

    HW
    Siemens
    wszystkie wersje
  • Siemens Desigo Pxc4 Firmware

    OS
    Siemens
    < 02.20.142.10-10884
  • Siemens Desigo Pxc5

    HW
    Siemens
    wszystkie wersje
  • Siemens Desigo Pxc5 Firmware

    OS
    Siemens
    < 02.20.142.10-10884
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-24039CRITICAL9.0ten sam produkt

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All vers...

CVE-2022-24042CRITICAL9.1ten sam produkt

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions...

CVE-2022-24044HIGH7.5ten sam produkt

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions...

CVE-2021-41545HIGH7.5ten sam produkt

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions...

CVE-2022-24045MEDIUM6.5ten sam produkt

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions...