CVE-2022-40977: PILZ: PASvisu and PMI affected by ZipSlip
First published: Thu Nov 24 2022(Updated: )
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pilz PASvisu | <1.12.0 | |
| Pilz Pmi V507 Firmware | <=1.3.58 | |
| Pilz Pmi V507 | ||
| Pilz Pmi V512 Firmware | <=1.3.58 | |
| Pilz Pmi V512 | ||
| Pilz Pmi V704e Firmware | <2.2.0 | |
| Pilz Pmi V704e | ||
| Pilz Pmi V707e Firmware | <2.2.0 | |
| Pilz Pmi V707e | ||
| Pilz Pmi V807 Firmware | <1.6.102 | |
| Pilz Pmi V807 | ||
| Pilz Pmi V812 Firmware | <1.6.102 | |
| Pilz Pmi V812 | ||
| Pilz Pmi V815 Firmware | <1.6.102 | |
| Pilz Pmi V815 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-40977?
CVE-2022-40977 is a path traversal vulnerability in Pilz PASvisu Server before version 1.12.0.
How does the CVE-2022-40977 vulnerability work?
The CVE-2022-40977 vulnerability allows an unauthenticated remote attacker to use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').
What is the severity of CVE-2022-40977?
CVE-2022-40977 has a severity rating of high (7.5).
Which software versions are affected by CVE-2022-40977?
Pilz PASvisu Server version before 1.12.0 is affected by CVE-2022-40977.
How can I fix CVE-2022-40977?
The recommended fix for CVE-2022-40977 is to upgrade Pilz PASvisu Server to version 1.12.0 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/pilz
- canonical/pilz pasvisu
- canonical/pilz pmi v507 firmware
- version/pilz pmi v507 firmware/1.3.58
- canonical/pilz pmi v507
- canonical/pilz pmi v512 firmware
- version/pilz pmi v512 firmware/1.3.58
- canonical/pilz pmi v512
- canonical/pilz pmi v704e firmware
- canonical/pilz pmi v704e
- canonical/pilz pmi v707e firmware
- canonical/pilz pmi v707e
- canonical/pilz pmi v807 firmware
- canonical/pilz pmi v807
- canonical/pilz pmi v812 firmware
- canonical/pilz pmi v812
- canonical/pilz pmi v815 firmware
- canonical/pilz pmi v815