Lucene search

PRIOn knowledge basePRION:CVE-2022-37122

HistoryAug 31, 2022 - 4:15 p.m.

Directory traversal

2022-08-3116:15:00

PRIOn knowledge base

www.prio-n.com

carel pcoweb

hvac bacnet gateway

firmware a2.1.0

application software 2.15.4a

directory traversal

7.5 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the ‘file’ GET parameter through the ‘logdownload.cgi’ Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

CPENameOperatorVersion
applicaeq2.154.97
applicaeq16.0.13020200
pcoweb_card_firmwareeq>= a2.1.0 AND <= b.2.1.0
pcoweb_hvac_bacnet_gatewayeq2.1.0

Name	Operator	Version
applica	eq	2.154.97
applica	eq	16.0.13020200
pcoweb_card_firmware	eq	>= a2.1.0 AND <= b.2.1.0
pcoweb_hvac_bacnet_gateway	eq	2.1.0

References

packetstormsecurity.com/files/167684/

www.zeroscience.mk/codes/carelpco_dir.txt

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php