6 matches found
CVE-2022-2106
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106
Elcomplus SmartICS Web HMI v2.3.4.0 exposes a relative path traversal due to insufficient filename validation. An authenticated administrator can specify arbitrary files, enabling potential exposure of sensitive data. Mitigation: upgrade to SmartICS 2.4 (patch released) and apply network/access c...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
Elcomplus SmartICS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus LLC Equipment: SmartICS Vulnerabilities: Improper Access Control, Relative Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...