VDB
CVE-2023-1256
CVE-2023-1256
PUBLISHED
CVSS 7.5 HIGH
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
EPSS 0.33% · 56.4th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.33%
56.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AVEVA | InTouch Access Anywhere | 0 |
Exploit Intelligence
Timeline
- Mar 16, 2023 CVE Published
- Mar 17, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
- Jun 2, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 18, 2023 EPSS Score
- Sep 26, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Dec 12, 2023 EPSS Score
- Jan 20, 2024 EPSS Score
- Feb 28, 2024 EPSS Score
- Apr 6, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 url
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf url
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal url