What is CVE-2022-24045?

CVE-2022-24045 is a vulnerability in Siemens Desigo Dxr2, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. Published 2022-05-10.

Is CVE-2022-24045 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Siemens Desigo Dxr2

CVE-2022-24045

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The appl…

EPSS: 0.009 (76.6th percentile) — read the EPSS interpretation.

Affected products

Siemens Desigo Dxr2 — versions All versions < V01.21.142.5-22
Siemens Desigo Pxc3 — versions All versions < V01.21.142.4-18
Siemens Desigo Pxc4 — versions All versions < V02.20.142.10-10884
Siemens Desigo Pxc5 — versions All versions < V02.20.142.10-10884

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Public proof-of-concept exploits

References

cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24045?: CVE-2022-24045 is a vulnerability in Siemens Desigo Dxr2, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. Published 2022-05-10.
Is CVE-2022-24045 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.