CVE-2022-29834

{"id": "CVE-2022-29834", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-20T17:15:08.043", "references": [{"url": "https://jvn.jp/vu/JVNVU96480474/index.html", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://jvn.jp/vu/JVNVU96480474/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server or ICONICS suite server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 or ICONICS Suite mobile monitoring application and accessing the monitoring screen."}, {"lang": "es", "value": "La vulnerabilidad de Limitaci\u00f3n Inapropiada de un Nombre de Ruta a un Directorio Restringido (\"Salto de Ruta\") en ICONICS GENESIS64 versiones 10.97 a 10.97.1, permite a un atacante remoto no autenticado acceder a archivos arbitrarios en el servidor de GENESIS64 y divulgar informaci\u00f3n almacenada en los archivos al insertar un par\u00e1metro de URL malicioso en la URL de la pantalla de monitorizaci\u00f3n entregada a la aplicaci\u00f3n de monitorizaci\u00f3n m\u00f3vil GENESIS64 y acceder a la pantalla de monitorizaci\u00f3n"}], "lastModified": "2026-01-09T05:15:49.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44D3F652-C916-4395-BD11-AECDDF960D45"}, {"criteria": "cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D89798E-910C-4C3F-9385-D9B7CA921091"}], "operator": "OR"}]}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}