Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23854

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

Published

2022-12-23T21:15:09.097

Last Modified

2025-02-13T17:15:38.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-23
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	aveva	intouch_access_anywhere	< 2020	Yes
Application	aveva	intouch_access_anywhere	2020	Yes
Application	aveva	intouch_access_anywhere	2020	Yes

References

https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal ([email protected])
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 Third Party Advisory, US Government Resource ([email protected])
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal (af854a3a-2127-422b-91ae-364da2661108)
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)