CVE-2022-40182: CVE-2022-40182

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-40182

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

带着不必要的权限执行

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款Siemens产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens Desigo PX是德国西门子（Siemens）公司的一套楼宇自动化控制系统。 Siemens 多款产品存在安全漏洞，该漏洞源于设备嵌入式基于 Chromium 的浏览器以 root 身份启动，并带有“--no-sandbox”选项。攻击者可以在“Operation” 图形中添加任意 JavaScript 代码，并成功利用任意数量的已知漏洞来攻击基于 Chromium 的嵌入式浏览器版本。Desigo PXM30-1 V02.20.126.11-41 版本之前，Desigo PXM30.E

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Siemens	Desigo PXM30-1	All versions < V02.20.126.11-41	-
Siemens	Desigo PXM30.E	All versions < V02.20.126.11-41	-
Siemens	Desigo PXM40-1	All versions < V02.20.126.11-41	-
Siemens	Desigo PXM40.E	All versions < V02.20.126.11-41	-
Siemens	Desigo PXM50-1	All versions < V02.20.126.11-41	-
Siemens	Desigo PXM50.E	All versions < V02.20.126.11-41	-
Siemens	PXG3.W100-1	All versions < V02.20.126.11-37	-
Siemens	PXG3.W100-2	All versions < V02.20.126.11-41	-
Siemens	PXG3.W200-1	All versions < V02.20.126.11-37	-
Siemens	PXG3.W200-2	All versions < V02.20.126.11-41	-

II. Public POCs for CVE-2022-40182

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-40182

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Desigo PXM30-1

Same vendor: Siemens

Same weakness: CWE-250

V. Comments for CVE-2022-40182

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-40182

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-40182

III. Intelligence Information for CVE-2022-40182

IV. Related Vulnerabilities

V. Comments for CVE-2022-40182

Leave a comment