CVE-2022-24042 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
siemens	desigo_pxc5_firmware	𝑥 < 02.20.142.10-10884
siemens	desigo_pxc4_firmware	𝑥 < 02.20.142.10-10884
siemens	desigo_pxc3_firmware	𝑥 < 01.21.142.4-18
siemens	desigo_dxr2_firmware	𝑥 < 01.21.142.5-22

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-613 - Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References

https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf