Path Traversal Vulnerability in AVEVA InTouch Access Anywhere
CVE-2022-23854

7.5HIGH

Key Information:

Vendor: Aveva
Status: Intouch Access Anywhere
Vendor: CVE Published:; 23 December 2022

What is CVE-2022-23854?

AVEVA InTouch Access Anywhere versions 2020 R2 and earlier are susceptible to a path traversal vulnerability, enabling unauthorized users with network access to read files stored outside the secure web gateway. This flaw allows for potential exposure of sensitive information and poses a risk to system integrity, making it critical for users to ensure proper security measures and updates are in place to mitigate the threat.

Affected Version(s)

InTouch Access Anywhere 0 <= 2020 R2

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02

government-resource

https://www.aveva.com/content/dam/aveva/documents/support...

https://crisec.de/advisory-aveva-intouch-access-anywhere-...

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Jan 24, 2022

Credit

Jens Regel

CRISEC

Aveva

What is CVE-2022-23854?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit