PT-2022-19864 · Iconics · Iconics Genesis64

Published: 2022-03-30 · Updated: 2026-01-09 · CVE-2022-29834

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ICONICS GENESIS64 versions 10.97 to 10.97.1

Description

The issue allows a remote unauthenticated attacker to access arbitrary files in the GENESIS64 server and disclose information stored in the files. This is achieved by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and then accessing the monitoring screen.

Recommendations

For ICONICS GENESIS64 versions 10.97 to 10.97.1, consider restricting access to the monitoring screen and avoid using malicious URL parameters until a patch is available. As a temporary workaround, restrict the use of the URL parameter in the monitoring screen to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-06764
CVE-2022-29834
ZDI-22-1042

Affected Products

Iconics Genesis64