PT-2022-25257 · Siemens · Pxg3.W100-2+9

Published 2022-10-11 · Updated 2022-10-12 · CVE-2022-40177

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Desigo PXM30-1 versions prior to V02.20.126.11-41
Desigo PXM30.E versions prior to V02.20.126.11-41
Desigo PXM40-1 versions prior to V02.20.126.11-41
Desigo PXM40.E versions prior to V02.20.126.11-41
Desigo PXM50-1 versions prior to V02.20.126.11-41
Desigo PXM50.E versions prior to V02.20.126.11-41
PXG3.W100-1 versions prior to V02.20.126.11-37
PXG3.W100-2 versions prior to V02.20.126.11-41
PXG3.W200-1 versions prior to V02.20.126.11-37
PXG3.W200-2 versions prior to V02.20.126.11-41

Description

A remote low-privileged attacker can read sensitive files on the device by supplying specific I/O related Axon queries to the "Operation" web application endpoints that interpret and execute Axon language queries, allowing file read access to the device file system with root privileges.

Recommendations

For Desigo PXM30-1 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM30.E versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM40-1 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM40.E versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM50-1 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM50.E versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For PXG3.W100-1 versions prior to V02.20.126.11-37, update to version V02.20.126.11-37 or later.
For PXG3.W100-2 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For PXG3.W200-1 versions prior to V02.20.126.11-37, update to version V02.20.126.11-37 or later.
For PXG3.W200-2 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2022-40177

Affected Products

Desigo Pxm30-1
Desigo Pxm30.E
Desigo Pxm40-1
Desigo Pxm40.E
Desigo Pxm50-1
Desigo Pxm50.E
Pxg3.W100-1
Pxg3.W100-2
Pxg3.W200-1
Pxg3.W200-2