ICSA-22-342-02 · Published 2023-04-03 · View on CISA ICS-CERT ↗

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthenticated user to read files on the system, execute arbitrary code, or create a denial-of-service condition.

CVEs (3)

CVE-2022-23854 CVE-2021-3711 CVE-2020-11022

Remediations

InTouch Access Anywhere Secure Gateway 2020 R2 (version 20.1.0) Hotfix.
InTouch Access Anywhere Secure Gateway 2020b (version 20.0.1) Hotfix.

Affected Vendors

AVEVA Software, LLC

Affected Products (2)

AVEVA Software, LLC · InTouch Access Anywhere <= 2023

AVEVA Software, LLC · Plant SCADA Access Anywhere <= 2020 R2

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more