CVE-2022-24044
Published: May 10, 2022
Modified: Aug 3, 2024
Description
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.
| Vendor | Product | Versions |
|---|---|---|
Siemens | Desigo DXR2 | affected All versions < V01.21.142.5-22 |
Siemens | Desigo PXC3 | affected All versions < V01.21.142.4-18 |
Siemens | Desigo PXC4 | affected All versions < V02.20.142.10-10884 |
Siemens | Desigo PXC5 | affected All versions < V02.20.142.10-10884 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now