FLIR Systems AX8 Cameras Path Traversal (CVE-2022-37060)

Severity: High. Tenable OT Security Plugin ID 505194

Synopsis

The remote OT asset is affected by a vulnerability.

Description

FLIR AX8 thermal sensor cameras, versions up to and including 1.46.16, are vulnerable to directory traversal due to improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path.
NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the reported vulnerability. The latest firmware version as of Oct 2025 is 1.55.16, released Jun 2024.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?af4779fb

https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899

https://www.flir.com/products/ax8-automation/

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5493.php

Plugin Details

Severity: High

ID: 505194

File Name: tenable_ot_flirsystems_CVE-2022-37060.nasl

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 2/19/2026

Updated: 2/19/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:flir:flir_ax8_firmware

Required KB Items: Tenable.ot/FLIRSystems

Exploit Ease: No known exploits are available

Patch Publication Date: 8/18/2022

Vulnerability Publication Date: 8/18/2022

Reference Information

CVE: CVE-2022-37060

CWE: 22