Vulnerability Details CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.926
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 7.5
References
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
Products affected by CVE-2022-23854
-
cpe:2.3:a:aveva:intouch_access_anywhere:-
-
cpe:2.3:a:aveva:intouch_access_anywhere:2020