PT-2022-3471 · Elcomplus · Elcomplus Smartics

Michael Heinzl · Published 2022-06-23 · Updated 2023-06-27 · CVE-2022-2106

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Elcomplus SmartICS version 2.3.4.0

Description: Insufficient filename validation allows authenticated administrator-level users to perform path traversal and specify arbitrary files. A remote attacker can exploit this with a specially crafted HTTP request, potentially leading to the disclosure of protected information and the substitution (overwriting) of arbitrary files.

Recommendations: For Elcomplus SmartICS version 2.3.4.0, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of administrator-level users to reduce the potential impact of a path traversal attack.
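As an added illustration (not Elcomplus code; the SmartICS implementation is not shown here), the kind of filename check whose absence the description refers to: a client-supplied name is resolved against a fixed storage directory and rejected if it would land outside it. The base directory is a constructed placeholder.

```python
from pathlib import Path, PurePosixPath
from urllib.parse import unquote

# Constructed placeholder; stands in for the application's file store.
BASE_DIR = Path("/srv/smartics/uploads")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename would escape BASE_DIR."""


def safe_target(filename: str, base: Path = BASE_DIR) -> Path:
    """Map a client-supplied filename onto a path strictly inside `base`.

    Rejects percent-encoded traversal, '..' segments (even ones that would
    stay inside, to keep the rule simple), absolute paths, NUL bytes and
    backslash separators, then confirms containment on the resolved path,
    which is the authoritative check.
    """
    # Decode once so that %2e%2e%2f is inspected as ../ rather than as text.
    decoded = unquote(filename)
    if "\x00" in decoded or "\\" in decoded:
        raise UnsafeFilename(filename)
    pure = PurePosixPath(decoded)
    if not pure.parts or pure.is_absolute() or ".." in pure.parts:
        raise UnsafeFilename(filename)
    # resolve() normalises '.' segments and follows symlinks where they exist,
    # so the containment test runs on the path the OS would actually open.
    base_resolved = base.resolve()
    candidate = (base_resolved / decoded).resolve()
    try:
        candidate.relative_to(base_resolved)
    except ValueError:
        raise UnsafeFilename(filename) from None
    return candidate


def is_safe(filename: str) -> bool:
    """True if `filename` maps to a location inside BASE_DIR."""
    try:
        safe_target(filename)
        return True
    except UnsafeFilename:
        return False
```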

Fix

Weakness Enumeration

Path traversal
Relative Path Traversal

Related Identifiers

BDU:2022-04250
CVE-2022-2106

Affected Products

Elcomplus Smartics