41 matches found
EUVD-2017-14267
Malware in sbrugna...
EUVD-2017-14269
Malware in sbrugna...
EUVD-2017-14265
Malware in sbrugna...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
Path traversal
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
CVE-2022-23854
CVE-2022-23854 affects AVEVA InTouch Access Anywhere Secure Gateway (2020 R2 and earlier). The vulnerability is a path traversal issue allowing an unauthenticated remote attacker with network access to read files outside the secure gateway web server (local file inclusion/vector). Affected produc...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
PT-2022-6508 · Aveva · Aveva Intouch Access Anywhere
Name of the Vulnerable Software and Affected Versions: AVEVA InTouch Access Anywhere versions 2020 R2 and older Description: The issue is related to errors in processing relative path to directory, which could allow an unauthenticated user with network access to read files on the system outside o...
CISA Releases Three Industrial Control Advisories
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Vulnerability
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Title: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: Jens Regel, CRISEC IT-Security CVE: CVE-2022-23854 Advisory: https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: 25.06.2021...
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal Vulnerability
Title: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: Jens Regel, CRISEC IT-Security CVE: CVE-2022-23854 Advisory: https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: 25.06.2021...
CVE-2022-1467
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
Command injection
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
CVE-2022-1467
CVE-2022-1467 affects AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere (all versions). The root cause is a Windows language bar overlay that can be manipulated to launch an OS command prompt from within the browser, creating a context-escape from the hosted application to the O...
CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...