Path Traversal Vulnerability in ICONICS GENESIS64 by Mitsubishi Electric
CVE-2022-40264

6.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 14 December 2022

Summary

An improper limitation of a pathname to a restricted directory (path traversal) vulnerability exists in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2. An unauthenticated attacker can exploit this flaw by persuading a legitimate user to import a specially crafted project package file. If successful, the attacker can create, modify, or delete arbitrary files on the system, potentially leading to unauthorized access to and manipulation of critical data.

Affected Version(s)

GENESIS64 versions 10.96 to 10.97.2

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
