CVE-2022-40977
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
24/11/2022
Last modified:
07/11/2023
Description
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (&#39;zip-slip&#39;). File writes do not affect confidentiality or availability.<br />
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:* | 1.12.0 (excluding) | |
| cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:* | 1.3.58 (including) | |
| cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:* | 1.3.58 (including) | |
| cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:* | 2.2.0 (excluding) | |
| cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:* | 2.2.0 (excluding) | |
| cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:* | 1.6.102 (excluding) | |
| cpe:2.3:h:pilz:pmi_v807:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:pilz:pmi_v812_firmware:*:*:*:*:*:*:*:* | 1.6.102 (excluding) | |
| cpe:2.3:h:pilz:pmi_v812:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:pilz:pmi_v815_firmware:*:*:*:*:*:*:*:* | 1.6.102 (excluding) | |
| cpe:2.3:h:pilz:pmi_v815:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page