Description
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.
Published: 2026-06-12
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The iVEC-IEI Virtualization Edge Computer by IEI Integration Corp contains an arbitrary file read flaw that permits privileged remote attackers to access system files outside the intended directory boundaries. The vulnerability is a pathname traversal bug (CWE‑22) that leaks sensitive files, potentially exposing confidential system configuration and user data. The impact is unauthorized disclosure of files; the flaw does not provide code execution or arbitrary write capabilities.

Affected Systems

The iVEC TANK‑XM811 product of IEI Integration Corp is affected in all versions earlier than v1.0.4. The vendor recommends updating to v1.0.4 or later to remediate the flaw.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity level. No EPSS score is available, so the exploitation probability cannot be quantified, and the vulnerability is not currently listed in the CISA KEV catalog. The flaw requires remote privileged access, meaning an attacker who can authenticate with sufficient rights can exploit the path traversal to read any file on the host. This makes it a significant threat in environments where remote management interfaces are exposed without strict access controls.

Generated by OpenCVE AI on June 12, 2026 at 10:21 UTC.

Remediation

Vendor Solution

Update iVEC TANK-XM811 to version v1.0.4 or later.


OpenCVE Recommended Actions

  • Apply the vendor patch to upgrade to v1.0.4 or later.
  • Enforce server‑side path validation and restrict file reads to a whitelisted directory to prevent path traversal.
  • Restrict remote management access to trusted administrators, using network segmentation or VPN, to limit the attack surface.

Generated by OpenCVE AI on June 12, 2026 at 10:21 UTC.


Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Iei Integration Corp; Iei Integration Corp ivec Tank-xm811
Vendors & Products | | Iei Integration Corp; Iei Integration Corp ivec Tank-xm811

Fri, 12 Jun 2026 12:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 09:45:00 +0000

Type | Values Removed | Values Added
Description | | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.
Title | | IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Read
Weaknesses | | CWE-22
References | |
Metrics | | cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-06-12T11:13:02.917Z

Reserved: 2026-06-10T07:50:56.772Z

Link: CVE-2026-11844

Vulnrichment

Updated: 2026-06-12T11:12:50.997Z

NVD

Status: Deferred

Published: 2026-06-12T10:16:21.423

Modified: 2026-06-12T16:00:18.860

Link: CVE-2026-11844

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:20:51Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')