PT-2022-25262 · Siemens · Pxg3.W100-2+9

Published 2022-10-11 · Updated 2023-07-10 · CVE-2022-40181

CVSS v3.1: 8.3 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Desigo PXM30-1 versions prior to V02.20.126.11-41
Desigo PXM30.E versions prior to V02.20.126.11-41
Desigo PXM40-1 versions prior to V02.20.126.11-41
Desigo PXM40.E versions prior to V02.20.126.11-41
Desigo PXM50-1 versions prior to V02.20.126.11-41
Desigo PXM50.E versions prior to V02.20.126.11-41
PXG3.W100-1 versions prior to V02.20.126.11-37
PXG3.W100-2 versions prior to V02.20.126.11-41
PXG3.W200-1 versions prior to V02.20.126.11-37
PXG3.W200-2 versions prior to V02.20.126.11-41

Description

The device's embedded browser does not prevent interaction with alternative URI schemes when it is redirected to corresponding resources by web application code. By setting the homepage URI or the favorite URIs, or by redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low-privileged attacker can perform a range of attacks against the device, such as reading arbitrary files on the filesystem, executing arbitrary JavaScript code in order to steal or manipulate the information on the screen, or triggering denial of service conditions.

Recommendations

For Desigo PXM30-1 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM30.E versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM40-1 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM40.E versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM50-1 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For Desigo PXM50.E versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For PXG3.W100-1 versions prior to V02.20.126.11-37, update to version V02.20.126.11-37 or later.
For PXG3.W100-2 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
For PXG3.W200-1 versions prior to V02.20.126.11-37, update to version V02.20.126.11-37 or later.
For PXG3.W200-2 versions prior to V02.20.126.11-41, update to version V02.20.126.11-41 or later.
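
The control the description says is missing is a scheme allowlist on every URI the embedded browser is asked to load. The JavaScript below is an added example, not Siemens code and not the vendor's fix; the function names, the configuration shape and the hostnames are assumptions made for illustration.

```javascript
// Added example (not vendor code): scheme allowlist for URIs that an
// embedded browser is asked to load. All names here are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Parse with the WHATWG URL parser instead of matching string prefixes,
// so case differences and stray whitespace are normalised before the check.
function checkNavigationTarget(candidate, baseUrl) {
  if (typeof candidate !== "string" || candidate.trim() === "") {
    return { allowed: false, reason: "empty" };
  }
  let parsed;
  try {
    // Relative references are only valid against a known base page.
    parsed = baseUrl ? new URL(candidate, baseUrl) : new URL(candidate);
  } catch (err) {
    return { allowed: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { allowed: false, reason: "scheme " + parsed.protocol };
  }
  return { allowed: true, url: parsed.href };
}

// Audit the stored entry points the advisory names: the homepage URI and the
// favorite URIs. checkNavigationTarget() is the same check to run on
// script-driven redirects before the browser follows them.
function auditBrowserConfig(config) {
  const entries = [["homepage", config.homepage]];
  (config.favorites || []).forEach((uri, i) => entries.push(["favorites[" + i + "]", uri]));
  return entries
    .map(([field, uri]) => ({ field, uri, ...checkNavigationTarget(uri) }))
    .filter((r) => !r.allowed);
}

// Constructed sample configuration (hostnames and paths are placeholders).
const sampleConfig = {
  homepage: "https://bms.example.invalid/dashboard",
  favorites: [
    "http://bms.example.invalid/alarms",
    "FILE:///constructed/path.txt",
    "  javascript:void(0)",
    "/relative/only",
  ],
};

const findings = auditBrowserConfig(sampleConfig);
findings.forEach((f) => console.log(f.field + ": rejected (" + f.reason + ")"));
```

The upper-case and whitespace-prefixed entries are rejected because the parser normalises them before the comparison, which a plain string-prefix test would not do.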

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-40181

Affected Products

Desigo Pxm30-1
Desigo Pxm30.E
Desigo Pxm40-1
Desigo Pxm40.E
Desigo Pxm50-1
Desigo Pxm50.E
Pxg3.W100-1
Pxg3.W100-2
Pxg3.W200-1
Pxg3.W200-2