CVE-2022-1467
Summary
| CVE | CVE-2022-1467 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-23 20:16:00 UTC |
| Updated | 2022-06-07 03:07:00 UTC |
| Description | Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. |
Risk And Classification
Problem Types: CWE-668
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | AVEVA | InTouch Access Anywhere | All | All | All | All |
| Application | AVEVA | Plant SCADA Access Anywhere | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.aveva.com/en/support-and-success/cyber-security-updates | MISC | www.aveva.com | |
| AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere \| CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Giovanni Delvecchio from Aceaspa reported this vulnerability to AVEVA.
Legacy QID Mappings
- 590857 AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere Vulnerability (ICSA-22-130-05)