VDB
ICSA-22-130-05
ICSA-22-130-05
PUBLISHED
CVSS 7.400000095367432 HIGH
Successful exploitation of this vulnerability could allow an authenticated user to escape from the context of the streamed application into the OS and launch arbitrary OS commands.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AVEVA Plant SCADA Access Anywhere (formerly known as AVEVA Citect Anywhere and Schneider Electric Citect Anywhere): All versions | ||
| AVEVA InTouch Access Anywhere: All versions |
Timeline
- May 10, 2022 CVE Published
References
- https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-130-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-130-05 advisory
- https://www.cisa.gov/uscert/ncas/tips/ST04-014 url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules fix
- https://www.aveva.com/en/support-and-success/cyber-security-updates/ fix