PT-2022-3195 · Siemens · Desigo Pxc3+3

Published

2022-05-10

·

Updated

2022-06-01

·

CVE-2022-24043

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Desigo DXR2 versions prior to V01.21.142.5-22
Desigo PXC3 versions prior to V01.21.142.4-18
Desigo PXC4 versions prior to V02.20.142.10-10884
Desigo PXC5 versions prior to V02.20.142.10-10884
Description

The login functionality of the application does not normalize the response time of login attempts: a request with a non-existent username is answered in a measurably different time than a request with a valid username and a wrong password. A remote, unauthenticated attacker can measure this difference over repeated requests and use it as a side channel to enumerate valid usernames. The weakness is an observable discrepancy in server behaviour rather than a direct data leak; what is disclosed is limited to which account names exist, which is why the CVSS vector rates only a low confidentiality impact. A confirmed list of valid usernames is, however, the usual first step of a password-guessing attack against the same login, so the issue should not be dismissed as informational.
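The pattern behind this class of bug, and the measurement an assessor would use to detect it, as an added example. This is illustrative code written for this entry, not Siemens firmware, and it makes no claim about how the Desigo login is implemented: the user store, the PBKDF2 cost factor, the detection threshold and the 1 ms absolute floor are all assumptions. `vulnerable_login` returns early for unknown usernames, so only valid names pay for the password hash; `hardened_login` does the same work on every path and only then consults the user store.

```python
"""Timing side channel in a login routine: vulnerable and hardened variants,
plus a timing-based username enumeration check. Example code, not part of
any Siemens product; user store and parameters are constructed for the demo."""
import hashlib
import hmac
import os
import statistics
import time

ITERATIONS = 50_000  # assumed hash cost; large enough that the hash step dominates the response time
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hashlib.pbkdf2_hmac("sha256", b"dummy", _DUMMY_SALT, ITERATIONS)


def _make_user(password: str):
    """Build a (salt, hash) record the way a server would at account creation."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store with a single valid account (assumption for the demo).
CORRECT_PASSWORD = "correct horse battery staple"
USERS = {"admin": _make_user(CORRECT_PASSWORD)}


def vulnerable_login(username: str, password: str) -> bool:
    """Leaky variant: unknown usernames return before the expensive hash,
    so a valid username is distinguishable by response time alone."""
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, expected = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def hardened_login(username: str, password: str) -> bool:
    """Normalized variant: every request hashes the supplied password (against
    a dummy record when the user is unknown) and compares in constant time;
    only after that fixed-cost work is the existence of the account consulted."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    match = hmac.compare_digest(candidate, expected)
    return match and username in USERS


def median_response_time(login, username: str, samples: int = 5) -> float:
    """Median wall-clock time of `samples` login attempts with a wrong password."""
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        login(username, "definitely-not-the-password")
        times.append(time.perf_counter() - start)
    return statistics.median(times)


def enumerate_users(login, candidates, samples: int = 5,
                    threshold: float = 3.0, min_delta: float = 1e-3) -> set:
    """Flag candidates whose median response time differs from that of a
    random, certainly-unknown username by more than `threshold` times the
    baseline and by at least `min_delta` seconds (the absolute floor keeps
    sub-microsecond jitter on the fast path from producing false positives).
    Threshold and floor are assumptions chosen for a local, low-noise run."""
    baseline = median_response_time(login, "no-such-user-" + os.urandom(4).hex(), samples)
    flagged = set()
    for name in candidates:
        t = median_response_time(login, name, samples)
        if abs(t - baseline) > max(threshold * baseline, min_delta):
            flagged.add(name)
    return flagged


if __name__ == "__main__":
    names = ["admin", "operator", "guest"]
    print("vulnerable_login leaks:", enumerate_users(vulnerable_login, names))
    print("hardened_login leaks:  ", enumerate_users(hardened_login, names))
```

Against a real device the same comparison is made over the network, where jitter is far larger than the differences measured here: take many more samples per candidate, compare distributions (medians or lower percentiles rather than means), interleave candidate and baseline requests so load changes affect both equally, and confirm any hit with a second run before reporting it. The hardened variant fixes the timing oracle only; a different error message, status code or redirect for unknown users would leak the same information without any timing at all, so responses must be identical in content as well as in duration.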
Recommendations

For Desigo DXR2 versions prior to V01.21.142.5-22, update to version V01.21.142.5-22 or later.
For Desigo PXC3 versions prior to V01.21.142.4-18, update to version V01.21.142.4-18 or later.
For Desigo PXC4 versions prior to V02.20.142.10-10884, update to version V02.20.142.10-10884 or later.
For Desigo PXC5 versions prior to V02.20.142.10-10884, update to version V02.20.142.10-10884 or later.

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

BDU:2022-03883
CVE-2022-24043

Affected Products

Desigo Dxr2
Desigo Pxc3
Desigo Pxc4
Desigo Pxc5