CVE-2022-40264
MEDIUM
GENESIS64 10.96-10.97.2 - Unauthenticated Path Traversal via Crafted Project Package Import
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user to import a project package file crafted by the attacker.
References (4)
Core References
Vendor Advisory
https://iconics.com/About/Security/CERT
Third Party Advisory
https://jvn.jp/vu/JVNVU95858406/index.html
Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-01
Mitigation, Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf
Scores
CVSS v3
6.3
EPSS
0.0030
EPSS Percentile
21.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
iconics/genesis64
10.96 - 10.97.2
Published
Dec 14, 2022
Tracked Since
Feb 18, 2026