Lucene search
K

4 matches found

BDU FSTEC
BDU FSTEC
added 2023/04/03 12:0 a.m.6 views

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to errors in processing the relative path to the catalog, allows a hacker to gain read access to files located outside the protected web server.

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere lies in errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to files located outside the protected web...

7.8CVSS7.2AI score0.45957EPSS
Exploits5References5Affected Software2
NVD
NVD
added 2022/05/23 8:16 p.m.34 views

CVE-2022-1467

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...

9.9CVSS0.00873EPSS
Exploits0References2
CVE
CVE
added 2022/05/23 7:17 p.m.115 views

CVE-2022-1467

CVE-2022-1467 affects AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere (all versions). The root cause is a Windows language bar overlay that can be manipulated to launch an OS command prompt from within the browser, creating a context-escape from the hosted application to the O...

9.9CVSS8.7AI score0.00873EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/05/13 12:0 a.m.5 views

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to the disclosure of information in the error data area, allows a intruder to execute arbitrary OS commands.

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere relates to the disclosure of information in the error area of data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary OS commands remotely...

7.4CVSS8.1AI score0.00873EPSS
Exploits0References5
Rows per page
Query Builder