5 matches found
CVE-2022-1467
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
CVE-2022-1467
CVE-2022-1467 affects AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere (all versions). The root cause is a Windows language bar overlay that can be manipulated to launch an OS command prompt from within the browser, creating a context-escape from the hosted application to the O...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability...