Unrated severityNVD Advisory· Published May 10, 2022· Updated Aug 3, 2024

CVE-2022-24041

Description

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.

Affected products

Siemens/Desigo DXR2v5
Range: All versions < V01.21.142.5-22
Siemens Foundation/Desigo PXC00-E.Dcpe-rescue3 versions
All versions < V01.21.142.4-18+ 2 more
- (no CPE)range: All versions < V01.21.142.4-18
- (no CPE)range: All versions < V02.20.142.10-10884
- (no CPE)range: All versions < V02.20.142.10-10884

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000