Lucene search
Chris Anastasio and Steven Seeley of Incite TeamZDI-22-1042HistoryAug 03, 2022 - 12:00 a.m.
ICONICS GENESIS64 colorpalletes Directory Traversal Information Disclosure Vulnerability
2022-08-0300:00:00
Chris Anastasio and Steven Seeley of Incite Team
www.zerodayinitiative.com
13
iconics genesis64
colorpalletes
directory traversal
information disclosure
vulnerability
authentication
flaw
endpoint
path parameter
file operations
stored credentials
compromise
EPSS
0.003
Percentile
68.6%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the colorpalletes endpoint. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Related
prion
prion
Path traversal
2022-07-20 17:15:00
cvelist
cvelist
CVE-2022-29834
2022-07-20 16:48:46
cnvd
cnvd
ICONICS GENESIS64 Path Traversal Vulnerability
2022-07-22 00:00:00
nvd
nvd
CVE-2022-29834
2022-07-20 17:15:08
cve
cve
CVE-2022-29834
2022-07-20 17:15:08
ics
ics
ICONICS Suite and Mitsubishi Electric MC Works64 Products
2022-07-26 12:00:00