Lucene search

NCSC.chCVE-2022-4778

HistoryDec 29, 2022 - 12:15 a.m.

CVE-2022-4778

2022-12-2900:15:08

CWE-22

NCSC.ch

web.nvd.nist.gov

cve-2022-4778

streamx

path traversal

vulnerability

file access

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server’s filesystem.
StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Affected configurations

Nvd

Node

elvexysstreamxRange6.02.01–6.04.34

VendorProductVersionCPE
elvexysstreamx*cpe:2.3:a:elvexys:streamx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elvexys	streamx	*	cpe:2.3:a:elvexys:streamx::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "StreamX",
    "vendor": "elvexys",
    "versions": [
      {
        "lessThanOrEqual": "6.04.34",
        "status": "affected",
        "version": "6.02.01",
        "versionType": "patch"
      }
    ]
  }
]

References

elvexys.com/products/xpg-gateway-rtu-protocol-converter/streamx-release-notes/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

Related for CVE-2022-4778