VDB
CVE-2022-1467
CVE-2022-1467
PUBLISHED
CVSS 9.899999618530273 CRITICAL
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
EPSS 0.28% · 51.5th percentile
Risk Scores
CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.28%
51.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Triangle Microworks | Library: IEC 60870-6 (ICCP/Tase.2) | * |
| Triangle Microworks | Library: IEC 61850 | Any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier, * |
| aveva | plant_scada_access_anywhere | |
| aveva | intouch_access_anywhere |
Exploit Intelligence
Timeline
- May 23, 2022 CVE Published
- May 24, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Aug 31, 2022 EPSS Score
- Oct 18, 2022 EPSS Score
- Dec 6, 2022 EPSS Score
- Jan 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 14, 2023 EPSS Score
- May 2, 2023 EPSS Score
- Jun 20, 2023 EPSS Score
- Aug 7, 2023 EPSS Score
References
- https://www.aveva.com/en/support-and-success/cyber-security-updates/ advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-1467 advisory
- https://www.aveva.com/en/support-and-success/cyber-security-updates url
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-01 url