CVE-2022-37122
published 2022-08-31


Priority: P2 (64), high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public exploit available
EPSS: 18.19% (96.8th percentile)
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' GET parameter to the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited, without authentication, to disclose the contents of arbitrary and sensitive files via directory traversal (e.g. repeated '../' sequences in 'file').

Affected

4 ranges (blank cells are empty on the source page)
Vendor   Product                       Version range       Fixed in
carel    applica
carel    applica
carel    pcoweb_card_firmware          a2.1.0 – b.2.1.0
carel    pcoweb_hvac_bacnet_gateway

Detection & IOCs (extracted from sources)

url:   /usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd
path:  /usr-cgi/logdownload.cgi
yara/regex:  root:.*:0:0:
  • Look for unauthenticated GET requests to /usr-cgi/logdownload.cgi whose 'file' parameter contains directory traversal sequences (e.g. ../../../../); check the parameter after URL-decoding, since the same traversal can be sent percent-encoded.
  • A successful exploit response contains the contents of /etc/passwd, detectable by the pattern 'root:.*:0:0:' in the HTTP response body.
  • No authentication is required to exploit this vulnerability; monitor for anonymous/unauthenticated access to logdownload.cgi and treat any traversal in 'file' as an attempt, regardless of the response code.
  • The vulnerability is confirmed on Carel pCOWeb HVAC BACnet Gateway version 2.1.0 with the firmware and application software versions listed above.
  • The vulnerable CGI is a Bash script served from /usr-cgi/, so exploitation requires that this script be present and executable on the target; its presence alone (HTTP 200 for the path) is a useful scoping check before assuming exposure.
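The detection logic described in the bullets above, written out as an added example (not code from the tracker page, from Carel, or from any published detection rule). It runs a request-side check over constructed combined-format access-log lines and a response-side check over a constructed response body. It generalizes the page's single IOC slightly: the 'file' value is percent-decoded repeatedly so single- and double-encoded traversal is caught, and any '..' path segment counts, not only the literal '../../../../'. The log lines, IP addresses and response body are constructed samples, not real traffic.

```python
"""Detection logic for CVE-2022-37122 (Carel pCOWeb logdownload.cgi traversal).

Added example, not code from the CVE page or from Carel. All log lines and the
response body below are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the vulnerable Bash CGI, as given in the page's IOCs.
VULN_PATH = "/usr-cgi/logdownload.cgi"

# Any '..' path segment (forward or backslash separated, or at end of value).
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\|$)")

# Marker for a leaked /etc/passwd, matching the page's yara/regex IOC.
PASSWD_RE = re.compile(r"root:.*:0:0:")

# Combined-log-format parser: ip, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed access-log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Aug/2022:10:02:11 +0000] "GET /usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd HTTP/1.1" 200 1832 "-" "curl/7.79.1"
203.0.113.7 - - [31/Aug/2022:10:02:15 +0000] "GET /usr-cgi/logdownload.cgi?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 940 "-" "python-requests/2.28"
198.51.100.4 - - [31/Aug/2022:10:03:01 +0000] "GET /usr-cgi/logdownload.cgi?file=pcoweb.log HTTP/1.1" 200 51200 "-" "Mozilla/5.0"
198.51.100.9 - - [31/Aug/2022:10:04:44 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Constructed response body standing in for a leaked /etc/passwd.
SAMPLE_RESPONSE = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "daemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"
)


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded traversal is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_probe(request_target):
    """True if the target is logdownload.cgi with a '..' segment in 'file'.

    parse_qs already percent-decodes once; decode_fully handles further layers.
    """
    parts = urlsplit(request_target)
    if parts.path != VULN_PATH:
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("file", [])
    return any(TRAVERSAL_RE.search(decode_fully(v)) for v in values)


def scan_access_log(text):
    """Return one dict per GET line that looks like a CVE-2022-37122 probe."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        if is_traversal_probe(m.group("target")):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "target": m.group("target"),
                "status": int(m.group("status")),
            })
    return hits


def response_leaks_passwd(body):
    """True if a response body carries the root:...:0:0: marker from /etc/passwd."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"probe from {hit['ip']} at {hit['ts']}: {hit['target']} -> {hit['status']}")
    print("response leaks /etc/passwd:", response_leaks_passwd(SAMPLE_RESPONSE))
```

Note that the request-side check flags the attempt even when the status is not 200; only the response-side regex tells you the disclosure actually succeeded, so pair the two where a proxy or WAF retains response bodies.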