CVE-2022-40977
24.11.2022, 10:15
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
| Vendor | Product | Version |
|---|---|---|
| pilz | pasvisu | 𝑥 < 1.12.0 |
| pilz | pmi_v507_firmware | 𝑥 ≤ 1.3.58 |
| pilz | pmi_v512_firmware | 𝑥 ≤ 1.3.58 |
| pilz | pmi_v704e_firmware | 𝑥 < 2.2.0 |
| pilz | pmi_v707e_firmware | 𝑥 < 2.2.0 |
| pilz | pmi_v807_firmware | 𝑥 < 1.6.102 |
| pilz | pmi_v812_firmware | 𝑥 < 1.6.102 |
| pilz | pmi_v815_firmware | 𝑥 < 1.6.102 |
𝑥
= Vulnerable software versions