AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
References
Configurations
Configuration 1 (hide)
|
History
19 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
17 Jan 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
Summary | AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. |
23 Jun 2023, 18:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 |
04 Jan 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:aveva:intouch_access_anywhere:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:intouch_access_anywhere:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:intouch_access_anywhere:2020:r2:*:*:*:*:*:* |
|
First Time |
Aveva intouch Access Anywhere
Aveva |
23 Dec 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-23 21:15
Updated : 2024-01-19 19:15
NVD link : CVE-2022-23854
Mitre link : CVE-2022-23854
CVE.ORG link : CVE-2022-23854
JSON object : View
Products Affected
aveva
- intouch_access_anywhere