This can then be used to control the device operating system, install software, capture screenshots, etc. Depending on the web application and operating system version, this can also grant full access to the device. The vulnerability has been assigned the Common Vulnerabilities and Exposures identifier CVE-2018-5374 and is rated High severity.

Desigo PXM30-1 (All versions  V02.20.126.11-41), Desigo PXM30.E (All versions  V02.20.126.11-41), Desigo PXM40-1 (All versions  V02.20.126.11-41), Desigo PXM40.E (All versions  V02.20.126.11-41), Desigo PXM50-1 (All versions  V02.20.126.11-41), Desigo PXM50.E (All versions  V02.20.126.11-41) are prone to a Cross-Site Request Forgery vulnerability due to the lack of any form of CSRF prevention or protection. This results in a potential for remote code execution.

Desigo PXM50.E (All versions  V02.20.126.11-41) is a possible target for hackers who wish to install malicious code on the device. An attacker can use this to spy on the user, record keystrokes, obtain sensitive information, or do anything else that can be gained through a

Summary of CVE-2018-5374

This vulnerability can be exploited by hackers to gain full access to the device. For example, an attacker can use this to spy on the user, record keystrokes, obtain sensitive information, or do anything else that can be gained through a malicious Cross-Site Request Forgery attack.
Desigo PXM50.E (All versions  V02.20.126.11-41) is a possible target for hackers who wish to install malicious code on the device and exploit this vulnerability in order to gain full access to the machine.

Timeline

Published on: 10/11/2022 11:15:00 UTC
Last modified on: 10/12/2022 16:47:00 UTC

References