Описание
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-23854
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
Связанные уязвимости
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Уязвимость расширений для обеспечения доступа к приложениям InTouch Access Anywhere и Plant SCADA Access Anywhere, связанная с ошибками в обработке относительного пути к каталогу, позволяющая нарушителю получить доступ на чтение к файлам, находящимся за пределами защищенного веб-сервера шлюза