VDE-2022-033
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-11-24 09:00 - Updated: 2022-11-24 09:00
Summary
Pilz: PASvisu and PMI affected by multiple vulnerabilities
Notes
Summary: PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product, but it is also included in various models of the PMI product family. The PASvisu Server component contains multiple vulnerabilities which can be utilised to write arbitrary files, potentially leading to code execution.
Impact: The PASvisu Server provides an integrated web server which is also used to send the configuration from the PASvisu Builder to the server component. When receiving and processing a configuration, it does not properly check pathnames. If the PASvisu Server is not properly protected by setting an administration password, the listed vulnerabilities can be exploited by an attacker to write arbitrary files. In the worst case scenario this could lead to remote code execution.
Remediation: PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.
PASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.
CVE-2022-40977 (CWE-22): A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
CVSS v3.1 base score: 7.5 (High), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vendor Fix
PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.
PASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.
CVE-2022-25299 (CWE-552): This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CVSS v3.1 base score: 7.5 (High), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vendor Fix
PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.
PASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product,\u00a0but it is also included in various models of the PMI product family. The PASvisu Server component\u00a0contains multiple vulnerabilities which can be utilised to write arbitrary files, potentially leading to\u00a0code execution.",
"title": "Summary"
},
{
"category": "description",
"text": "The PASvisu Server provides an integrated web server which is also used to send the configuration\u00a0from the PASvisu Builder to the server component. When receiving and processing a configuration, it\u00a0does not properly check pathnames. If the PASvisu Server is not properly protected by setting an\u00a0administration password, the listed vulnerabilities can be exploited by an attacker to\u00a0write arbitrary files. In the worst case scenario this could lead to remote code execution.",
"title": "Impact"
},
{
"category": "description",
"text": "PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.\nPASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as\u00a0it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2022-033: Pilz: PASvisu and PMI affected by multiple vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-033/"
},
{
"category": "self",
"summary": "VDE-2022-033: Pilz: PASvisu and PMI affected by multiple vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-033.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.pilz.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: PASvisu and PMI affected by multiple vulnerabilities",
"tracking": {
"aliases": [
"VDE-2022-033"
],
"current_release_date": "2022-11-24T09:00:00.000Z",
"generator": {
"date": "2025-05-14T14:26:04.960Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2022-033",
"initial_release_date": "2022-11-24T09:00:00.000Z",
"revision_history": [
{
"date": "2022-11-24T09:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.12.0",
"product": {
"name": "PASvisu Software \u003c1.12.0",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "PASvisu Software"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.3.58",
"product": {
"name": "PMI v5xx \u003c=1.3.58",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"model_numbers": [
"265507"
]
}
}
}
],
"category": "product_name",
"name": "PMI v5xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.2.0",
"product": {
"name": "PMI v7xx \u003c2.2.0",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"266704"
]
}
}
}
],
"category": "product_name",
"name": "PMI v7xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.6.102",
"product": {
"name": "PMI v8xx \u003c1.6.102",
"product_id": "CSAFPID-51004",
"product_identification_helper": {
"model_numbers": [
"266807"
]
}
}
}
],
"category": "product_name",
"name": "PMI v8xx"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40977",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (\u0027zip-slip\u0027). File writes do not affect confidentiality or availability.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.\nPASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as\u00a0it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004"
]
}
],
"title": "CVE-2022-40977"
},
{
"cve": "CVE-2022-25299",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "description",
"text": "This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.\nPASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as\u00a0it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004"
]
}
],
"title": "CVE-2022-25299"
}
]
}