VYPR

Pnozmulti Configurator

by Pilz

CVEs (2)

  • CVE-2018-19009HigJan 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI…

  • CVE-2022-40976MedNov 24, 2022
    risk 0.36cvss 5.5epss 0.00

    A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.