Vulnerability Details CVE-2022-40976
A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.2%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2022-40976
-
cpe:2.3:a:pliz:pascal:*
-
cpe:2.3:a:pliz:pasconnect:*
-
cpe:2.3:a:pliz:pasmotion:*
-
cpe:2.3:a:pliz:pnozmulti_configurator:*
-
cpe:2.3:h:pilz:pss_4000:-
-
cpe:2.3:o:pilz:pas_4000:*