漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server or ICONICS suite server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 or ICONICS Suite mobile monitoring application and accessing the monitoring screen.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
ICONICS GENESIS64 路径遍历漏洞
Vulnerability Description
ICONICS GENESIS64是美国ICONICS公司的一款专为 Microsoft 操作系统设计的高级 HMI SCADA 解决方案套件。 ICONICS GENESIS64 10.97至10.97.1版本存在安全漏洞,该漏洞源于存在不恰当的限制路径名到受限目录( 路径遍历 )的漏洞,远程未认证的攻击者可以通过在GENESIS64移动监测应用交付监测屏幕的URL中嵌入一个恶意的URL参数并访问监测屏幕,从而访问GENESIS64服务器中的任意文件并泄露文件中存储的信息。
CVSS Information
N/A
Vulnerability Type
N/A