Lucene search
HistoryDec 23, 2022 - 9:15 p.m.
CVE-2022-23854
aveva
intouch
access anywhere
path traversal
vulnerability
unauthenticated user
network access
secure gateway web server
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.751
Percentile
98.2%
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Affected configurations
Node
avevaintouch_access_anywhereRange<2020
ORavevaintouch_access_anywhereMatch2020-
ORavevaintouch_access_anywhereMatch2020r2
Related
packetstorm
packetstorm
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
2022-09-09 00:00:00
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
2022-11-11 00:00:00
cvelist
cvelist
CVE-2022-23854
2022-12-23 20:50:24
cve
cve
CVE-2022-23854
2022-12-23 21:15:09
nuclei
nuclei
AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
2022-09-12 08:32:07
prion
prion
Path traversal
2022-12-23 21:15:00
zdt
zdt
exploitdb
exploitdb
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
2022-11-11 00:00:00
ics
ics
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)
2023-03-16 12:00:00
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.751
Percentile
98.2%
Related for NVD:CVE-2022-23854