Lucene search

PRIOn knowledge basePRION:CVE-2022-23854

HistoryDec 23, 2022 - 9:15 p.m.

Path traversal

2022-12-2321:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.689 Medium

EPSS

Percentile

97.9%

JSON

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

CPENameOperatorVersion
intouch_access_anywhereeq2020
intouch_access_anywhereeq2020 r2
intouch_access_anywherelt2020

Name	Operator	Version
intouch_access_anywhere	eq	2020
intouch_access_anywhere	eq	2020 r2
intouch_access_anywhere	lt	2020

References

crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal

www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf

www.cisa.gov/uscert/ics/advisories/icsa-22-342-02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.689 Medium

EPSS

Percentile

97.9%

JSON

Related for PRION:CVE-2022-23854