Vulnerability Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server or ICONICS suite server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 or ICONICS Suite mobile monitoring application and accessing the monitoring screen.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iconics | Genesis64 | 10.97 |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU96480474/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdfThird Party Advisory
- https://jvn.jp/vu/JVNVU96480474/index.htmlThird Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdfThird Party Advisory
FAQ
What is CVE-2022-29834?
CVE-2022-29834 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions G...
How severe is CVE-2022-29834?
CVE-2022-29834 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29834?
Check the references section above for vendor advisories and patch information. Affected products include: Iconics Genesis64.