FKIE_CVE-2022-24041

Vulnerability from fkie_nvd - Published: 2022-05-10 11:15 - Updated: 2024-11-21 06:49
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfVendor Advisory
Impacted products
Vendor Product Version
siemens desigo_pxc5_firmware *
siemens desigo_pxc5 -
siemens desigo_pxc4_firmware *
siemens desigo_pxc4 -
siemens desigo_pxc3_firmware *
siemens desigo_pxc3 -
siemens desigo_dxr2_firmware *
siemens desigo_dxr2 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B710014-DE57-43C2-9BFE-A4F8AF6542D5",
              "versionEndExcluding": "02.20.142.10-10884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E2A7F6-B6E5-4230-8F13-64745C434A71",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D6AF5F-AD6D-4A30-9D72-31A3BA2A5DC3",
              "versionEndExcluding": "02.20.142.10-10884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0327220F-B5E6-4722-AEB2-BC4C21F1060D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7ABEE98-3FF4-4E7C-B1CD-0E5E56E437FF",
              "versionEndExcluding": "01.21.142.4-18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "373009ED-3AE4-4F0B-940D-8E82668C3FF3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B50EDDC-4B68-416E-B8BE-58399A90FE44",
              "versionEndExcluding": "01.21.142.5-22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EDDCD7-3B64-410E-A294-0F5F65849F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Desigo DXR2 (Todas las versiones anteriores a V01.21.142.5-22), Desigo PXC3 (Todas las versiones anteriores a V01.21.142.4-18), Desigo PXC4 (Todas las versiones anteriores a V02.20.142.10-10884), Desigo PXC5 (Todas las versiones anteriores a V02.20.142.10-10884). La aplicaci\u00f3n web almacena la clave derivada PBKDF2 de las contrase\u00f1as de los usuarios con un bajo n\u00famero de iteraciones. Un atacante con privilegios de acceso al perfil de usuario puede recuperar los hashes de las contrase\u00f1as almacenadas de otras cuentas y luego realizar con \u00e9xito un ataque de cracking offline y recuperar las contrase\u00f1as en texto plano de otros usuarios"
    }
  ],
  "id": "CVE-2022-24041",
  "lastModified": "2024-11-21T06:49:42.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-10T11:15:08.343",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-916"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-916"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.