← back
CVE-2022-23854

CVE-2022-23854

CVSS 7.5 HIGHEPSS 46.0%CWE-23
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
AVEVA · InTouch Access Anywhere
public PoCs found1
exploitdbwww.exploit-db.com/exploits/51028unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversalhttps://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02