CVE-2022-40264: Path Traversal
First published: Wed Dec 14 2022(Updated: )
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ICONICS GENESIS64 | >=10.96<=10.97.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-40264?
CVE-2022-40264 is an 'Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)' vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2.
What is the severity of CVE-2022-40264?
The severity of CVE-2022-40264 is high with a CVSS score of 7.1.
How can an attacker exploit CVE-2022-40264?
An unauthenticated attacker can exploit CVE-2022-40264 by getting a legitimate user to import a project package, allowing them to create, tamper with, or destroy arbitrary files.
Which software versions are affected by CVE-2022-40264?
ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 are affected by CVE-2022-40264.
How can I mitigate the impact of CVE-2022-40264?
To mitigate the impact of CVE-2022-40264, it is recommended to update to a version beyond 10.97.2 or apply the necessary security patches provided by ICONICS/Mitsubishi Electric.
- collector/nvd-index
- vendor/iconics
- canonical/iconics genesis64
- version/iconics genesis64/10.96
- version/iconics genesis64/10.97.2