CVE-2022-23854 HIGH

CVE-2022-23854

Vendor Aveva

Product InTouch Access Anywhere

Weakness CWE-23

Published December 23, 2022

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

Key dates

02Disclosure timeline

December 23, 2022 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23854

Related vulnerabilities

04Related CVE

CVE-2025-41268 CVE-2021-4459 SMA: Directory Traversal in Sunny Boy <3.10.27.R CVE-2024-7693 Team Johnlong software Raiden MAILD Remote Management System - Arbitrary File Reading through Path Traversal CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write CVE-2026-25121 apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base