N/A

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

对路径名的限制不恰当(路径遍历)

Mitsubishi Electric GENESIS64 路径遍历漏洞

Mitsubishi Electric GENESIS64是日本三菱电机（Mitsubishi Electric）公司的一个 SCADA 套件。 Mitsubishi Electric GENESIS64 10.96至10.97.2版本存在安全漏洞，该漏洞源于其允许未经身份验证的攻击者通过让合法用户导入攻击者制作的项目包文件来创建、篡改或破坏任意文件实现路径遍历。

N/A

N/A