CVE-2022-24043 - OpenCVE

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Desigo Pxc5 Firmware Desigo Pxc3 Desigo Dxr2 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Desigo Pxc5 Desigo Pxc4 Firmware Desigo Pxc4

Configuration 1 [-]

AND

cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-05-10T09:46:53

Updated: 2022-06-14T09:21:33

Reserved: 2022-01-27T00:00:00

Link: CVE-2022-24043

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-20T13:15:14.483

Modified: 2022-06-01T15:13:07.437

Link: CVE-2022-24043

JSON object: View

Redhat Information

No data.

CWE

CWE-203

{"containers": {"cna": {"affected": [{"product": "Desigo DXR2", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V01.21.142.5-22"}]}, {"product": "Desigo PXC3", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V01.21.142.4-18"}]}, {"product": "Desigo PXC4", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V02.20.142.10-10884"}]}, {"product": "Desigo PXC5", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V02.20.142.10-10884"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203: Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-14T09:21:33", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-24043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Desigo DXR2", "version": {"version_data": [{"version_value": "All versions < V01.21.142.5-22"}]}}, {"product_name": "Desigo PXC3", "version": {"version_data": [{"version_value": "All versions < V01.21.142.4-18"}]}}, {"product_name": "Desigo PXC4", "version": {"version_data": [{"version_value": "All versions < V02.20.142.10-10884"}]}}, {"product_name": "Desigo PXC5", "version": {"version_data": [{"version_value": "All versions < V02.20.142.10-10884"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-203: Observable Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-24043", "datePublished": "2022-05-10T09:46:53", "dateReserved": "2022-01-27T00:00:00", "dateUpdated": "2022-06-14T09:21:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B50EDDC-4B68-416E-B8BE-58399A90FE44", "versionEndExcluding": "01.21.142.5-22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21EDDCD7-3B64-410E-A294-0F5F65849F4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7ABEE98-3FF4-4E7C-B1CD-0E5E56E437FF", "versionEndExcluding": "01.21.142.4-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*", "matchCriteriaId": "373009ED-3AE4-4F0B-940D-8E82668C3FF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D6AF5F-AD6D-4A30-9D72-31A3BA2A5DC3", "versionEndExcluding": "02.20.142.10-10884", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*", "matchCriteriaId": "0327220F-B5E6-4722-AEB2-BC4C21F1060D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B710014-DE57-43C2-9BFE-A4F8AF6542D5", "versionEndExcluding": "02.20.142.10-10884", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4E2A7F6-B6E5-4230-8F13-64745C434A71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Desigo DXR2 (Todas las versiones anteriores a V01.21.142.5-22), Desigo PXC3 (Todas las versiones anteriores a V01.21.142.4-18), Desigo PXC4 (Todas las versiones anteriores a V02.20.142.10-10884), Desigo PXC5 (Todas las versiones anteriores a V02.20.142.10-10884). La funcionalidad de inicio de sesi\u00f3n de la aplicaci\u00f3n falla al normalizar los tiempos de respuesta de los intentos de inicio de sesi\u00f3n llevados a cabo con nombres de usuario err\u00f3neos con los ejecutados con nombres de usuario correctos. Un atacante remoto no autenticado podr\u00eda explotar esta informaci\u00f3n del canal lateral para llevar a cabo un ataque de enumeraci\u00f3n de nombres de usuario e identificar nombres de usuario v\u00e1lidos"}], "id": "CVE-2022-24043", "lastModified": "2022-06-01T15:13:07.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-20T13:15:14.483", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "productcert@siemens.com", "type": "Secondary"}]}