17 matches found
EUVD-2017-14269
Malware in sbrugna...
EUVD-2017-14265
Malware in sbrugna...
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to errors in processing the relative path to the catalog, allows a hacker to gain read access to files located outside the protected web server.
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere lies in errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to files located outside the protected web...
Path traversal
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
CISA Releases Three Industrial Control Advisories
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Title: ====== AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: ======= Jens Regel, CRISEC IT-Security CVE: ==== CVE-2022-23854 Advisory: ========= https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: ========= 25.06.2021...
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal Vulnerability
Title: ====== AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: ======= Jens Regel, CRISEC IT-Security CVE: ==== CVE-2022-23854 Advisory: ========= https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: ========= 25.06.2021...
CVE-2022-1467
CVE-2022-1467 affects AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere (all versions). The root cause is a Windows language bar overlay that can be manipulated to launch an OS command prompt from within the browser, creating a context-escape from the hosted application to the O...
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to the disclosure of information in the error data area, allows an intruder to execute arbitrary OS commands.
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere relates to the disclosure of information in the error area of data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary OS commands remotely...
Code injection
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...
CVE-2017-5158
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...
CVE-2017-5156
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user...
CVE-2017-5158
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...
CVE-2017-5160
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...
CVE-2017-5160
Schneider Electric Wonderware InTouch Access Anywhere (versions up to 11.5.2) is affected by CVE-2017-5160: Inadequate TLS certificate verification causes TLS connections to not properly verify peers, exposing confidentiality and integrity during network communications. The issue is triggered in ...