CVE-2022-24041 - OpenCVE

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Desigo Pxc5 Firmware Desigo Pxc3 Desigo Dxr2 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Desigo Pxc5 Desigo Pxc4 Firmware Desigo Pxc4

Configuration 1 [-]

AND

cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-05-10T09:46:49

Updated: 2022-06-14T09:21:31

Reserved: 2022-01-27T00:00:00

Link: CVE-2022-24041

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-10T11:15:08.343

Modified: 2022-10-06T02:49:18.070

Link: CVE-2022-24041

JSON object: View

Redhat Information

No data.

CWE

CWE-916

{"containers": {"cna": {"affected": [{"product": "Desigo DXR2", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V01.21.142.5-22"}]}, {"product": "Desigo PXC3", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V01.21.142.4-18"}]}, {"product": "Desigo PXC4", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V02.20.142.10-10884"}]}, {"product": "Desigo PXC5", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V02.20.142.10-10884"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916: Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-14T09:21:31", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-24041", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Desigo DXR2", "version": {"version_data": [{"version_value": "All versions < V01.21.142.5-22"}]}}, {"product_name": "Desigo PXC3", "version": {"version_data": [{"version_value": "All versions < V01.21.142.4-18"}]}}, {"product_name": "Desigo PXC4", "version": {"version_data": [{"version_value": "All versions < V02.20.142.10-10884"}]}}, {"product_name": "Desigo PXC5", "version": {"version_data": [{"version_value": "All versions < V02.20.142.10-10884"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-916: Use of Password Hash With Insufficient Computational Effort"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-24041", "datePublished": "2022-05-10T09:46:49", "dateReserved": "2022-01-27T00:00:00", "dateUpdated": "2022-06-14T09:21:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B710014-DE57-43C2-9BFE-A4F8AF6542D5", "versionEndExcluding": "02.20.142.10-10884", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4E2A7F6-B6E5-4230-8F13-64745C434A71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D6AF5F-AD6D-4A30-9D72-31A3BA2A5DC3", "versionEndExcluding": "02.20.142.10-10884", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*", "matchCriteriaId": "0327220F-B5E6-4722-AEB2-BC4C21F1060D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7ABEE98-3FF4-4E7C-B1CD-0E5E56E437FF", "versionEndExcluding": "01.21.142.4-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*", "matchCriteriaId": "373009ED-3AE4-4F0B-940D-8E82668C3FF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B50EDDC-4B68-416E-B8BE-58399A90FE44", "versionEndExcluding": "01.21.142.5-22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21EDDCD7-3B64-410E-A294-0F5F65849F4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Desigo DXR2 (Todas las versiones anteriores a V01.21.142.5-22), Desigo PXC3 (Todas las versiones anteriores a V01.21.142.4-18), Desigo PXC4 (Todas las versiones anteriores a V02.20.142.10-10884), Desigo PXC5 (Todas las versiones anteriores a V02.20.142.10-10884). La aplicaci\u00f3n web almacena la clave derivada PBKDF2 de las contrase\u00f1as de los usuarios con un bajo n\u00famero de iteraciones. Un atacante con privilegios de acceso al perfil de usuario puede recuperar los hashes de las contrase\u00f1as almacenadas de otras cuentas y luego realizar con \u00e9xito un ataque de cracking offline y recuperar las contrase\u00f1as en texto plano de otros usuarios"}], "id": "CVE-2022-24041", "lastModified": "2022-10-06T02:49:18.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-10T11:15:08.343", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-916"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-916"}], "source": "productcert@siemens.com", "type": "Secondary"}]}