QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-24042

Back to search

CVE-2022-24042

Published: May 10, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization.

VendorProductVersions

Siemens

Desigo DXR2

affected
All versions < V01.21.142.5-22

Siemens

Desigo PXC3

affected
All versions < V01.21.142.4-18

Siemens

Desigo PXC4

affected
All versions < V02.20.142.10-10884

Siemens

Desigo PXC5

affected
All versions < V02.20.142.10-10884

Weaknesses (CWE)

CWE-613

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now