CVE-2022-40264 Information

Description

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.

Reference

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf https://jvn.jp/vu/JVNVU95858406/index.html https://iconics.com/About/Security/CERT https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-01