PT-2022-2719 · Siemens · Desigo Pxc3+3

Published: 2022-05-10 · Updated: 2022-06-01 · CVE-2022-24044

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Desigo DXR2 versions prior to V01.21.142.5-22
Desigo PXC3 versions prior to V01.21.142.4-18
Desigo PXC4 versions prior to V02.20.142.10-10884
Desigo PXC5 versions prior to V02.20.142.10-10884
Description

The issue stems from the lack of restrictions on authentication attempts in the software of the Desigo DXR2, PXC3, PXC4, and PXC5 modules. A remote attacker could gain unauthorized access to protected information by capturing lists of usernames and/or email addresses together with their corresponding passwords. The login functionality employs no countermeasures against Password Spraying or Credential Stuffing attacks, so an attacker can first confirm which usernames are valid and then mount a targeted attack to gain access to at least one account.
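The countermeasure the description finds missing is a limit on failed login attempts. The following is an added illustration, not Siemens code, of why a throttle has to count failures both per account and per source: a per-account lockout alone never trips on a spray that tries one password across many accounts. Thresholds, window size, and the usernames and source address are constructed values.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limits on failed logins, keyed by account and by source."""

    def __init__(self, per_account=5, per_source=20, window=300.0):
        self.per_account = per_account   # max failures per account per window
        self.per_source = per_source     # max failures per source address per window
        self.window = window             # window length in seconds
        self.account_fail = defaultdict(deque)
        self.source_fail = defaultdict(deque)

    def _prune(self, timestamps, now):
        # Drop failures that fell out of the sliding window.
        while timestamps and now - timestamps[0] > self.window:
            timestamps.popleft()

    def allowed(self, user, source, now):
        """True if this attempt may proceed to the credential check."""
        self._prune(self.account_fail[user], now)
        self._prune(self.source_fail[source], now)
        return (len(self.account_fail[user]) < self.per_account
                and len(self.source_fail[source]) < self.per_source)

    def record_failure(self, user, source, now):
        self.account_fail[user].append(now)
        self.source_fail[source].append(now)


def simulate_spray(throttle, users, source, start=0.0):
    """Constructed spray: one wrong password per account, all from one source,
    one attempt per second. Returns how many attempts reached the credential check."""
    reached = 0
    for i, user in enumerate(users):
        now = start + i
        if throttle.allowed(user, source, now):
            reached += 1
            throttle.record_failure(user, source, now)
    return reached


def simulate_bruteforce(throttle, user, source, attempts, start=0.0):
    """Constructed brute force: repeated wrong passwords against one account."""
    reached = 0
    for i in range(attempts):
        now = start + i
        if throttle.allowed(user, source, now):
            reached += 1
            throttle.record_failure(user, source, now)
    return reached
```

With only a per-account limit the spray below reaches the credential check for every one of the 50 accounts; adding the per-source limit cuts it off after 20.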
Recommendations

For Desigo DXR2 versions prior to V01.21.142.5-22, update to version V01.21.142.5-22 or later.
For Desigo PXC3 versions prior to V01.21.142.4-18, update to version V01.21.142.4-18 or later.
For Desigo PXC4 versions prior to V02.20.142.10-10884, update to version V02.20.142.10-10884 or later.
For Desigo PXC5 versions prior to V02.20.142.10-10884, update to version V02.20.142.10-10884 or later.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts (CWE-307)

Related Identifiers

BDU:2022-03223
CVE-2022-24044

Affected Products

Desigo Dxr2
Desigo Pxc3
Desigo Pxc4
Desigo Pxc5