Main Vulnerability Database Vulnerabilities #VU63068

#VU63068 Improper Restriction of Excessive Authentication Attempts in Siemens products - CVE-2022-24044

Published: May 11, 2022

Vulnerability identifier: #VU63068

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-24044

CWE-ID: CWE-307

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Desigo DXR2
Desigo PXC3
Desigo PXC4
Desigo PXC5

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

#VU63068 Improper Restriction of Excessive Authentication Attempts in Siemens products - CVE-2022-24044

Description

Remediation

External links

Please verify you're human