Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-1467

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-23 May, 2022 | 19:17
Updated At-16 Apr, 2025 | 16:19
Rejected At-
Credits

AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:23 May, 2022 | 19:17
Updated At:16 Apr, 2025 | 16:19
Rejected At:
▼CVE Numbering Authority (CNA)
AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

Affected Products
Vendor
AVEVAAVEVA
Product
AVEVA InTouch Access Anywhere
Versions
Affected
  • all
Vendor
AVEVAAVEVA
Product
AVEVA Plant SCADA Access Anywhere
Versions
Affected
  • all
Problem Types
TypeCWE IDDescription
CWECWE-668CWE-668: Exposure of Resource to Wrong Sphere
Type: CWE
CWE ID: CWE-668
Description: CWE-668: Exposure of Resource to Wrong Sphere
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

AVEVA recommends the following mitigations: Disable the Windows language bar on the server machine hosting InTouch Access Anywhere and Plant SCADA Access Anywhere applications unless it is required. Create unique user accounts with minimal privileges dedicated only to remote access of InTouch Access Anywhere and Plant SCADA Access Anywhere applications. Utilize OS group policy objects (GPOs) to further restrict what those unique user accounts are allowed to do. Restrict access based on Microsoft’s recommended block list. For more information on this vulnerability, including security updates, please see security bulletin AVEVA-2022-001

Exploits
Credits
Giovanni Delvecchio from Aceaspa reported this vulnerability to AVEVA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.aveva.com/en/support-and-success/cyber-security-updates/
x_refsource_MISC
https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05
x_refsource_MISC
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Resource:
x_refsource_MISC
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.aveva.com/en/support-and-success/cyber-security-updates/
x_refsource_MISC
x_transferred
https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05
x_refsource_MISC
x_transferred
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:23 May, 2022 | 20:16
Updated At:07 Jun, 2022 | 03:07

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary2.08.5HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 8.5
Base severity: HIGH
Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C
CPE Matches
AVEVA
aveva
>>intouch_access_anywhere>>*
cpe:2.3:a:aveva:intouch_access_anywhere:*:*:*:*:*:*:*:*
AVEVA
aveva
>>plant_scada_access_anywhere>>*
cpe:2.3:a:aveva:plant_scada_access_anywhere:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-668Primaryics-cert@hq.dhs.gov
CWE ID: CWE-668
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.aveva.com/en/support-and-success/cyber-security-updates/ics-cert@hq.dhs.gov
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Source: ics-cert@hq.dhs.gov
Resource:
Vendor Advisory
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2022-43684
Matching Score-4
Assigner-ServiceNow
ShareView Details
Matching Score-4
Assigner-ServiceNow
CVSS Score-9.9||CRITICAL
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 18:51
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ACL bypass in Reporting functionality

ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.

Action-Not Available
Vendor-ServiceNow, Inc.
Product-servicenowNow Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-55077
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.06%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 18:37
Updated-12 Aug, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tyler Technologies ERP Pro 9 SaaS application escape

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.

Action-Not Available
Vendor-Tyler Technologies
Product-ERP Pro 9 SaaS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-16541
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:11
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

Action-Not Available
Vendor-Jenkins
Product-jiraJenkins JIRA Plugin
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
Details not found