CVSS: 7.8EPSS: 92%CPEs: 3EXPL: 3CVE-2022-23854 – AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
https://notcve.org/view.php?id=CVE-2022-23854
09 Sep 2022 — AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. AVEVA InTouch Access Anywhere versiones 2020 R2 y anteriores son vulnerables a una explotación de path traversal que podría permitir a un usuario no autenticado con acceso a la red leer archivos en el sistema fuera del servidor web de puerta de enlace segura. InTouch Access Anywhe... • https://packetstorm.news/files/id/168328 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1467 – AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
https://notcve.org/view.php?id=CVE-2022-1467
23 May 2022 — Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. El Sistema Operativo Windows puede configurarse para superponer "language bar" sobre cualquier apli... • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5156
https://notcve.org/view.php?id=CVE-2017-5156
20 Apr 2017 — A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. Un problema CSRF fue descubierto en Schneider Electric Wonderware InTouch Access Anywhere, versión 11.5.2 y en versiones anteriores. La solicitud del cliente puede falsificarse desde un sitio diferente. • http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5158
https://notcve.org/view.php?id=CVE-2017-5158
20 Apr 2017 — An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. Se ha descubierto un problema de exposición de la información en Schneider Electric Wonderware InTouch Access Anywhere, versión 11.5.2 y en versiones anteriores. Las credenciales pueden estar expuestas a sistemas externos a través de parámetros específic... • http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5160
https://notcve.org/view.php?id=CVE-2017-5160
20 Apr 2017 — An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. Se ha descubierto un problema Inadequate Encryption Strength en Schneider Electric Wonderware InTouch Access Anywhere, versión 11.5.2 y en versiones anteriores. El software se conectará a través de Transport Layer Security sin verificar correctamente el certifica... • http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114 • CWE-326: Inadequate Encryption Strength •