CVE-2022-23854

Summary

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

Affected Software

VendorProductVersion RangeStatus
AVEVAInTouch Access Anywhere0 <= 2020 R2affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References