Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
Vulnerability Description
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
多款AVEVA产品安全漏洞
Vulnerability Description
AVEVA InTouch Access Anywhere和AVEVA Plant SCADA Access Anywhere都是英国AVEVA公司的产品。AVEVA InTouch Access Anywhere是一个 InTouch 扩展。允许移动和临时用户通过符合 HTML5 标准的浏览器访问 InTouch 应用程序。AVEVA Plant SCADA Access Anywhere是一个面向工业过程客户的可靠、灵活且高性能的监控和数据采集 (SCADA) 软件解决方案。可以在任何兼容的 Web
CVSS Information
N/A
Vulnerability Type
N/A