CVE-2022-29834

2022-07-2017:15:08

CWE-22

[email protected]

web.nvd.nist.gov

vulnerability

path traversal

iconics genesis64

remote attack

access

arbitrary files

disclosure

malicious url

monitoring screen

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

68.6%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

Affected configurations

Nvd

Node

iconicsgenesis64Match10.97

iconicsgenesis64Match10.97.1

VendorProductVersionCPE
iconicsgenesis6410.97cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
iconicsgenesis6410.97.1cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:*