CVE-2022-23854

HIGH NUCLEI

AVEVA InTouch Access Anywhere <2020 R2 - Path Traversal

Title source: llm

Description

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

Exploits (1)

exploitdb WORKING POC

by Jens Regel · textremotehardware

https://www.exploit-db.com/exploits/51028

View Code ZIP pw:eip

Nuclei Templates (1)

AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion

HIGHVERIFIEDby For3stCo1d

Shodan: http.html:"InTouch Access Anywhere" || http.html:"intouch access anywhere"

FOFA: body="intouch access anywhere"

References (3)

[Various Sources] https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal

[Various Sources] https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02

Scores

CVSS v3 7.5

EPSS 0.9218

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22 CWE-23

Status published

Products (2)

aveva/intouch_access_anywhere 2020 (2 CPE variants)

aveva/intouch_access_anywhere < 2020

Published Dec 23, 2022

Tracked Since Feb 18, 2026