CVE-2022-29834

2022-07-2017:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-29834

path traversal

iconics genesis64

security vulnerability

remote attack

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

Affected configurations

NVD

Node

iconicsgenesis64Match10.97

iconicsgenesis64Match10.97.1

CPENameOperatorVersion
iconics:genesis64iconics genesis64eq10.97
iconics:genesis64iconics genesis64eq10.97.1

CPE	Name	Operator	Version
iconics:genesis64	iconics genesis64	eq	10.97
iconics:genesis64	iconics genesis64	eq	10.97.1

CNA Affected

[
  {
    "product": "ICONICS GENESIS64",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ICONICS GENESIS64 versions 10.97 to 10.97.1"
      }
    ]
  }
]