Alert Organizations About Aveva HMI, SCADA Vulnerabilities

 

Several potential vulnerabilities have recently been identified in Aveva’s HMI and SCADA products, which could be of significant concern to organizations using these technologies. Last week, Aveva and CISA published a security alert regarding three vulnerabilities in Aveva’s InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products.
One of the researchers at German cybersecurity firm Crisec discovered a high-severity path traversal vulnerability in the software. 
An unauthenticated attacker with network access to the secure gateway can exploit this vulnerability to read files on the system beyond those that belong to the secure gateway.
A report, along with a proof-of-concept (PoC) exploit demonstrating the difficulty and impact of the vulnerability, was published in September 2022 on the Full Disclosure mailing list, which Regel belongs to. He found that the vulnerability could be exploited, and a vendor hotfix was issued after he disclosed it.
In combination with the vulnerability identified by CVE-2022-238542, Regel’s critical vulnerability gives an unauthenticated attacker with network access to the secure

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents