Path Traversal Vulnerability in ICONICS GENESIS64 by Mitsubishi Electric
CVE-2022-29834

7.5HIGH

Key Information:

Vendor: Iconics
Status: Iconics Genesis64
Vendor: CVE Published:; 20 July 2022

What is CVE-2022-29834?

A vulnerability in ICONICS GENESIS64 versions 10.97 and 10.97.1 allows remote unauthenticated attackers to exploit improper pathname limitations. By embedding a crafted URL parameter in the monitoring screen, attackers can gain access to arbitrary files on the GENESIS64 server, potentially disclosing sensitive information stored within. This exposes the system to significant security risks, necessitating immediate attention and remediation.

Affected Version(s)

ICONICS GENESIS64 ICONICS GENESIS64 versions 10.97 to 10.97.1

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

x_refsource_MISC

https://jvn.jp/vu/JVNVU96480474/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2022
Vulnerability Reserved
Apr 27, 2022

Iconics

What is CVE-2022-29834?

Affected Version(s)

References

CVSS V3.1

Timeline