CVE-2022-40264 MEDIUM

CVE-2022-40264

Vendor Iconics And Mitsubishi Electric Corporation
Product GENESIS64
Weakness CWE-22 · Path traversal
Published December 13, 2022
Last update April 18, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.

Key dates

02Disclosure timeline

December 13, 2022 CVE published
April 18, 2025 Record updated