What is CVE-2022-40976?

CVE-2022-40976 is a path traversal vulnerability in multiple Pilz products that allows an unauthenticated local attacker to trigger arbitrary file writes ('zip-slip').

How does CVE-2022-40976 affect Pilz Pas 4000?

CVE-2022-40976 affects Pilz Pas 4000 versions up to and excluding 1.25.0 and can be exploited by an unauthenticated local attacker.

Is Pilz Pss 4000 affected by CVE-2022-40976?

No, Pilz Pss 4000 is not affected by CVE-2022-40976.

What versions of Pliz Pascal are affected by CVE-2022-40976?

CVE-2022-40976 affects Pliz Pascal versions up to and including 1.9.1.

How can the Pilz Pnozmulti Configurator be affected by CVE-2022-40976?

CVE-2022-40976 affects Pliz Pnozmulti Configurator versions up to and excluding 10.14.4 and 11.2.0.

Vulnerability/
CVE-2022-40976

medium

5.5

CWE

24/11/2022

3/8/2024

CVE-2022-40976: PILZ: Multiple products affected by ZipSlip

First published: Thu Nov 24 2022(Updated: )

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
Pilz Pas 4000	<1.25.0
Pilz Pss 4000
Pliz Pascal	<=1.9.1
Pliz Pasconnect	<1.4.0
Pliz Pasmotion	<1.4.1
Pliz Pnozmulti Configurator	<10.14.4
Pliz Pnozmulti Configurator	<11.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-40976?
CVE-2022-40976 is a path traversal vulnerability in multiple Pilz products that allows an unauthenticated local attacker to trigger arbitrary file writes ('zip-slip').
How does CVE-2022-40976 affect Pilz Pas 4000?
CVE-2022-40976 affects Pilz Pas 4000 versions up to and excluding 1.25.0 and can be exploited by an unauthenticated local attacker.
Is Pilz Pss 4000 affected by CVE-2022-40976?
No, Pilz Pss 4000 is not affected by CVE-2022-40976.
What versions of Pliz Pascal are affected by CVE-2022-40976?
CVE-2022-40976 affects Pliz Pascal versions up to and including 1.9.1.
How can the Pilz Pnozmulti Configurator be affected by CVE-2022-40976?
CVE-2022-40976 affects Pliz Pnozmulti Configurator versions up to and excluding 10.14.4 and 11.2.0.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/pilz
canonical/pilz pas 4000
canonical/pilz pss 4000
vendor/pliz
canonical/pliz pascal
version/pliz pascal/1.9.1
canonical/pliz pasconnect
canonical/pliz pasmotion
canonical/pliz pnozmulti configurator

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.