Published: 23/12/2022 Updated: 19/01/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aveva intouch access anywhere 2020
aveva intouch access anywhere

Critical Infrastructure Sectors: Critical Manufacturing

Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel (CRISEC IT-Security) Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET /AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%25 ...

InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability ...

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 suffers from a path traversal vulnerability ...

CWE-22 https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal https://nvd.nist.gov https://www.exploit-db.com/exploits/51028 https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02

CVE-2022-23854

Vulnerability Summary

Vulnerability Trend

ICS Advisories

Exploits

References

Vulmon Search

About

Products

Connect