CVE-2022-40182 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.

This issue is related to the fact that the embedded Chromium-based browser does not have any sort of validation or input sanitization protection. The vulnerability is present in the PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1, PXM50.E, PXG3.W100-1, PXG3.W100-2, PXG3.W200-1, PXG3.W200-2 devices with firmware versions  V02.20.126.11-41. The updated firmware versions are as follows: PXM30-1: V02.20.126.11-41, V02.20.126.11-43, V02.20.126.11-44 PXM30.E: V02.20.126.11-41, V02.20.126.11-43, V02.20.126.11-44 PXM40-1: V02.20.126.11-41, V02.20.126.11-43, V02.20.126.11-44 PXM40.E: V02.20.126.11-41, V02.20.126.11-43, V02.20.126.11-44 PXM50-1: V02.20.126.11

PXM50.E

This issue is related to the fact that the embedded Chromium-based browser does not have any sort of validation or input sanitization protection. The vulnerability is present in the PXM50-1, PXM50.E, PXG3.W100-1, PXG3.W200-2 devices with firmware versions V02.20.126.11-41, V02.20.126.11-43, V02.20.126.11-44

Timeline

Published on: 10/11/2022 11:15:00 UTC
Last modified on: 10/12/2022 15:45:00 UTC

References

• https://cert-portal.siemens.com/productcert/pdf/ssa-360783.pdf
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40182