Nozomi Networks Labs
Siemens PXC4.E16 Session Cookie Attribute Issues – CVE-2022-24045
Siemens PXC4.E16 Lack of anti-Password Spraying and Credential Stuffing Mechanism – CVE-2022-24044
The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.
Siemens PXC4.E16 Username Enumeration through Response Timing – CVE-2022-24043
The login functionality of the application does not normalize response times between login attempts made with wrong usernames and those made with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.
Siemens PXC4.E16 Insufficient Session Expiration – CVE-2022-24042
The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could capture this token and re-use old session credentials or session IDs for authorization.
Siemens PXC4.E16 Weak PBKDF2 Default Cost Factor – CVE-2022-24041
The web application stores the PBKDF2 derived key of users' passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.
Siemens PXC4.E16 DoS through Insufficiently-Constrained PBKDF2 Cost Factor – CVE-2022-24040
The web application fails to enforce an upper bound on the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.
Siemens PXC4.E16 XLS Injection – CVE-2022-24039
uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID – CVE-2022-30295
Valmet DNA Remote Code Execution – CVE-2021-26726
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517 allows an attacker to execute commands with SYSTEM privileges.