Vulnerabilities > CVE-2022-40977 - Unspecified vulnerability in Pilz products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

pilz

NVD

Published: 2022-11-24

Updated: 2024-11-21

Summary

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Vulnerable Configurations

Part	Description	Count
Application	Pilz Pilz Pasvisu 1.8.0 Pilz Pasvisu 1.9.0 Pilz Pasvisu 1.10.0 Pilz Pasvisu 1.11.0	4
OS	Pilz Pilz PMI V507 Firmware - Pilz PMI V507 Firmware 1.3.58 Pilz PMI V512 Firmware - Pilz PMI V512 Firmware 1.3.58 Pilz PMI V704E Firmware - Pilz PMI V707E Firmware - Pilz PMI V807 Firmware - Pilz PMI V812 Firmware - Pilz PMI V815 Firmware -	9
Hardware	Pilz Pilz PMI V507 - Pilz PMI V512 - Pilz PMI V704E - Pilz PMI V707E - Pilz PMI V807 - Pilz PMI V812 - Pilz PMI V815 -	7

Summary

Vulnerable Configurations

References