Lucene search

MitsubishiCVE-2022-40264

HistoryDec 14, 2022 - 12:15 a.m.

CVE-2022-40264

2022-12-1400:15:10

CWE-22

Mitsubishi

web.nvd.nist.gov

cve-2022-40264

path traversal

iconics

mitsubishi electric

genesis64

nvd

vulnerability

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

35.6%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.

Affected configurations

Nvd

Node

iconicsgenesis64Range10.96–10.97.2

VendorProductVersionCPE
iconicsgenesis64*cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iconics	genesis64	*	cpe:2.3:a:iconics:genesis64::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GENESIS64",
    "vendor": "ICONICS and Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions 10.96 to 10.97.2"
      }
    ]
  }
]

References

iconics.com/About/Security/CERT

jvn.jp/vu/JVNVU95858406/index.html

www.cisa.gov/uscert/ics/advisories/icsa-22-347-01

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

35.6%

JSON

Related for CVE-2022-40264