CVE-2022-37122

high-risk

Published 2022-08-31

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Do I need to act?

70.9% chance of exploitation in next 30 days

EPSS score — higher than 29% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (4)

Pcoweb Card Firmware

Applica

Pcoweb Hvac Bacnet Gateway

Affected Vendors

Carel

References (6)

Exploit https://packetstormsecurity.com/files/167684/

Exploit https://www.zeroscience.mk/codes/carelpco_dir.txt

Exploit https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php

Exploit https://packetstormsecurity.com/files/167684/

Exploit https://www.zeroscience.mk/codes/carelpco_dir.txt

Exploit https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php

/ 100

high-risk

Severity 26/34 · High

Exploitability 19/34 · Moderate

Exposure 10/34 · Low