PT-2022-25647 · Pilz · Pasvisu Server

Published: 2022-11-24 · Updated: 2023-02-01 · CVE-2022-40977

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Pilz PASvisu Server versions prior to 1.12.0

Description

A path traversal vulnerability was discovered, allowing an unauthenticated remote attacker to use a zipped, malicious configuration file to trigger arbitrary file writes, also known as 'zip-slip'. This issue does not affect confidentiality or availability.

Recommendations

For versions prior to 1.12.0, update to version 1.12.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of zipped configuration files to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-40977

Affected Products

Pasvisu Server