Path Traversal Vulnerability in ICONICS GENESIS64 by Mitsubishi Electric
CVE-2022-29834

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric

Status
Genesis64
Iconics Suite
Vendor
CVE Published:
20 July 2022

What is CVE-2022-29834?

A vulnerability in ICONICS GENESIS64 versions 10.97 and 10.97.1 allows remote unauthenticated attackers to exploit improper pathname limitations. By embedding a crafted URL parameter in the monitoring screen, attackers can gain access to arbitrary files on the GENESIS64 server, potentially disclosing sensitive information stored within. This exposes the system to significant security risks, necessitating immediate attention and remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GENESIS64 Versions 10.97 to 10.97.1

GENESIS64 Versions 10.97 to 10.97.1

ICONICS Suite Versions 10.97 to 10.97.1

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU96480474/index.html
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-22-2...
government-resource

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.