Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.
CVSS Information
N/A
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
多款Siemens产品安全漏洞
Vulnerability Description
Siemens Desigo DXR2等都是德国西门子(Siemens)公司的一个楼宇自动化和控制产品。 Siemens Desigo PXC和 DXR 存在安全漏洞,未经授权的远程攻击者可访问系统上的敏感信息。以下产品及版本受到影响:Desigo DXR2 01.21.142.5-22之前版本,Desigo PXC3 01.21.142.4-1之前版本,Desigo PXC4 02.20.142.10-10884之前版本,Desigo PXC5 02.20.142.10-10884之前版本。
CVSS Information
N/A
Vulnerability Type
N/A