CVE-2022-1467 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-1467 PUBLISHED CVSS 9.899999618530273 CRITICAL

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

EPSS 0.28% · 51.0th percentile

Risk Scores

CVSS v3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.28%

51.0th percentile

Affected Products

Vendor	Product	Versions
Triangle Microworks	Library: IEC 60870-6 (ICCP/Tase.2)	Any client or server using a C++ language library with a version number of 4.4.3 or earlier
Triangle Microworks	Library: IEC 61850	Any client or server using the C language library with a version number of 11.2.0 or earlier, Any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier
aveva	plant_scada_access_anywhere
aveva	intouch_access_anywhere

Timeline

May 23, 2022 CVE Published
May 24, 2022 EPSS Score
Jul 11, 2022 EPSS Score
Aug 29, 2022 EPSS Score
Oct 17, 2022 EPSS Score
Dec 4, 2022 EPSS Score
Jan 21, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 10, 2023 EPSS Score
Apr 28, 2023 EPSS Score
Jun 15, 2023 EPSS Score
Aug 2, 2023 EPSS Score

References

Open in Interactive Console →