CVE-2022-46680 — Vulnetix

CVE-2022-46680 PUBLISHED CVSS 7.5 HIGH

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

EPSS 0.14% · 33.7th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.14%

33.7th percentile

Affected Products

Vendor	Product	Versions
AVEVA	InTouch Access Anywhere	0

Exploit Intelligence

https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 (circl)
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf (circl)
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal (circl)

Timeline

May 9, 2023 CVE Published
May 23, 2023 EPSS Score
Jun 28, 2023 EPSS Score
Aug 4, 2023 EPSS Score
Sep 9, 2023 EPSS Score
Oct 15, 2023 EPSS Score
Nov 21, 2023 EPSS Score
Dec 27, 2023 EPSS Score
Feb 1, 2024 EPSS Score
Mar 8, 2024 EPSS Score
Apr 14, 2024 EPSS Score
May 20, 2024 EPSS Score

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-01.pdf advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-04.pdf advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-02.pdf advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 url
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf url
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal url

Open in Interactive Console →