Unrated severityNVD Advisory· Published May 10, 2022· Updated Aug 3, 2024

CVE-2022-24040

Description

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.

Affected products

Siemens/Desigo DXR2v5
Range: All versions < V01.21.142.5-22
Siemens Foundation/Desigo PXC00-E.Dcpe-rescue3 versions
All versions < V01.21.142.4-18+ 2 more
- (no CPE)range: All versions < V01.21.142.4-18
- (no CPE)range: All versions < V02.20.142.10-10884
- (no CPE)range: All versions < V02.20.142.10-10884

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000