CVE-2022-4778
MEDIUMStreamX 6.02.01-6.04.34 - Authenticated Path Traversal via Public Web Server Feature
Title source: llmDescription
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory release-notes
https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/streamx-release-notes/
Scores
CVSS v3
6.5
EPSS
0.0066
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
elvexys/streamx
6.02.01 - 6.04.34
Published
Dec 29, 2022
Tracked Since
Feb 18, 2026