CVSS: 7.1EPSS: 0%CPEs: 40EXPL: 0CVE-2023-34982 – AVEVA Operations Control Logger External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-34982
15 Nov 2023 — This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Esta vulnerabilidad de control externo, si se explota, podría permitir que un usuario local autenticado en el sistema operativo con privilegios estándar elimine archivos con privilegios de sistema en la máquina donde están instalados estos productos, lo que resultaría en u... • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2023-33873 – AVEVA Operations Control Logger Execution with Unnecessary Privileges
https://notcve.org/view.php?id=CVE-2023-33873
15 Nov 2023 — This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios estándar escale a privilegios del sistema en la máquina donde están instalados estos productos, ... • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 91%CPEs: 3EXPL: 3CVE-2022-23854 – AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
https://notcve.org/view.php?id=CVE-2022-23854
09 Sep 2022 — AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. AVEVA InTouch Access Anywhere versiones 2020 R2 y anteriores son vulnerables a una explotación de path traversal que podría permitir a un usuario no autenticado con acceso a la red leer archivos en el sistema fuera del servidor web de puerta de enlace segura. InTouch Access Anywhe... • https://packetstorm.news/files/id/168328 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •