Overview
- Description
- AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:intouch_access_anywhere:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F4E91FD-1FBB-4093-8A99-F89756A3B51E",
"versionEndExcluding": "2020"
},
{
"criteria": "cpe:2.3:a:aveva:intouch_access_anywhere:2020:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A10DB83A-3B40-4E29-8958-5FBA3625CB5F"
},
{
"criteria": "cpe:2.3:a:aveva:intouch_access_anywhere:2020:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1FEED24-00F2-44EF-94B5-039390753A97"
}
],
"operator": "OR"
}
]
}
]