{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T22:06:15.001","vulnerabilities":[{"cve":{"id":"CVE-2022-24045","sourceIdentifier":"productcert@siemens.com","published":"2022-05-20T13:15:14.600","lastModified":"2024-11-21T06:49:43.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempt by a user to browse the application via the unencrypted HTTP protocol would lead to the transmission of all of that user's session cookies in plaintext over the network. An attacker could then sniff the network and capture sensitive information."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en Desigo DXR2 (Todas las versiones anteriores a V01.21.142.5-22), Desigo PXC3 (Todas las versiones anteriores a V01.21.142.4-18), Desigo PXC4 (Todas las versiones anteriores a V02.20.142.10-10884), Desigo PXC5 (Todas las versiones anteriores a V02.20.142.10-10884). La aplicación, tras un inicio de sesión con éxito, establece la cookie de sesión en el navegador por medio de código JavaScript del lado del cliente, sin aplicar ningún atributo de seguridad (como \"Secure\", \"HttpOnly\" o \"SameSite\"). Cualquier intento de navegar por la aplicación por medio del protocolo HTTP sin cifrar conllevaría a una transmisión de todas sus cookies de sesión en texto plano mediante la red. 
Un atacante podría entonces ser capaz de husmear en la red y capturar información confidencial"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-614"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-311"},{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"01.21.142.5-22","matchCriteriaId":"5B50EDDC-4B68-416E-B8BE-58399A90FE44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*","matchCriteriaId":"21EDDCD7-3B64-410E-A294-0F5F65849F4E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"01.21.142.4-18","matchCriteriaId":"D7ABEE98
-3FF4-4E7C-B1CD-0E5E56E437FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*","matchCriteriaId":"373009ED-3AE4-4F0B-940D-8E82668C3FF3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"02.20.142.10-10884","matchCriteriaId":"84D6AF5F-AD6D-4A30-9D72-31A3BA2A5DC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*","matchCriteriaId":"0327220F-B5E6-4722-AEB2-BC4C21F1060D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"02.20.142.10-10884","matchCriteriaId":"7B710014-DE57-43C2-9BFE-A4F8AF6542D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*","matchCriteriaId":"C4E2A7F6-B6E5-4230-8F13-64745C434A71"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf","source":"productcert@siemens.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}