CVE-2022-37122
Published: 31 August 2022
Summary
CVE-2022-37122 is a high-severity Path Traversal (CWE-22) vulnerability in Carel Applica. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 1.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.
Deeper analysis
Carel pCOWeb HVAC BACnet Gateway version 2.1.0, with firmware revisions A2.1.0 through B2.1.0 and application software 2.15.4A (v16 13020200), contains an unauthenticated arbitrary file disclosure vulnerability tracked as CVE-2022-37122. The flaw resides in the logdownload.cgi Bash script, which accepts a file parameter via HTTP GET without proper validation, allowing directory traversal sequences to retrieve arbitrary files on the device.
An unauthenticated remote attacker can supply crafted requests to the web interface and read sensitive configuration files, credentials, or other restricted content hosted on the gateway. The vulnerability carries a CVSS 3.1 score of 7.5, reflecting network-accessible exploitation with high confidentiality impact and no required privileges or user interaction.
Public references from Zero Science and Packet Storm document proof-of-concept exploits but contain no vendor statements on patches or mitigation steps. The associated EPSS score has remained at its recorded peak of 0.7093 without an observable climb from a lower baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-39775
Vulnerability details
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
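The following is an added example of the control described above (validating a user-supplied file name before it is used to read a log file); it is not code from this page, from Carel, or from the affected logdownload.cgi, which is a Bash script. It is written in Python, and the log directory layout, file names and the handler name are constructed for the demonstration. Two independent checks are applied: a syntactic allowlist on the decoded name, and a containment check on the canonical path, which also catches a symlink inside the log directory that points elsewhere.

```python
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

# Allowlist for the 'file' parameter: a single path component made of a
# conservative character set plus a log-style extension. Separators, "..",
# NUL bytes and leading dots can never match this pattern.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*\.(?:log|txt)")


def resolve_log_file(log_root, requested):
    """Map a user-supplied name to a Path inside log_root, or return None.

    Check 1: the name must match the allowlist exactly.
    Check 2: the canonical (symlink-resolved) path must still lie under log_root.
    """
    if not isinstance(requested, str) or not SAFE_NAME.fullmatch(requested):
        return None
    root = Path(log_root).resolve()
    candidate = (root / requested).resolve()
    # resolve() follows symlinks, so a link in the log directory that targets a
    # file outside it is rejected here even though its name passed check 1.
    if root not in candidate.parents:
        return None
    if not candidate.is_file():
        return None
    return candidate


def handle_download(log_root, query_string):
    """Minimal stand-in for a CGI log-download handler (hypothetical).

    Returns (http_status, body). Validation runs on the URL-decoded value, so
    percent-encoded traversal sequences are judged in their decoded form.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    names = params.get("file", [])
    if len(names) != 1:
        return 400, "exactly one 'file' parameter is required"
    path = resolve_log_file(log_root, names[0])
    if path is None:
        return 403, "file not permitted"
    return 200, path.read_text()


def demo():
    """Build a constructed log directory and run sample requests against it.

    Returns a mapping of query string -> HTTP status so the outcome of each
    request can be inspected.
    """
    base = Path(tempfile.mkdtemp())
    log_root = base / "logs"
    log_root.mkdir()
    (log_root / "device.log").write_text("boot ok\n")
    # A sensitive file that lives outside the log directory (constructed).
    (base / "secret.conf").write_text("password=example\n")
    try:
        os.symlink(base / "secret.conf", log_root / "link.log")
    except OSError:
        pass  # symlinks unavailable on this platform; the link case then 403s as "not a file"

    requests = [
        "file=device.log",                 # legitimate request
        "file=../secret.conf",             # plain traversal
        "file=%2e%2e%2fsecret.conf",       # percent-encoded traversal
        "file=/etc/hostname",              # absolute path
        "file=link.log",                   # symlink escaping the log directory
        "file=device.log&file=other.log",  # parameter pollution
        "file=missing.log",                # well-formed name, no such file
    ]
    return {q: handle_download(log_root, q)[0] for q in requests}


if __name__ == "__main__":
    for query, status in demo().items():
        print(f"{status}  {query}")
```

Only the first request returns 200; every other one is refused before any file is opened. The allowlist alone would have been enough for the traversal strings, but the containment check is what stops the symlink case, which is why both are kept.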