Several potential vulnerabilities were recently identified in Aveva's HMI and SCADA products, which could be of significant concern to organizations using these technologies. Last week, Aveva and CISA published a security alert covering three vulnerabilities in the InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products.
One of the researchers at German cybersecurity firm Crisec discovered a high-severity path traversal vulnerability in the software.
An unauthenticated attacker with network access to the secure gateway can exploit this vulnerability to read files on the system outside the secure gateway's web server.
In September 2022, a report was published on the Full Disclosure mailing list, to which Regel belongs, along with a proof-of-concept (PoC) exploit to demonstrate the difficulty and impact of the vulnerability. He found that the vulnerability could be exploited, and the vendor issued a hotfix after he disclosed it.
In combination with the vulnerability identified by CVE-2022-238542, Regel's critical vulnerability gives an unauthenticated attacker with network access to the secure gateway the ability to read files on the system outside of the web server of the secure gateway.
Two other flaws were also found in addition to the path traversal vulnerability. Both affect third-party components: a critical OpenSSL flaw that can be used to launch a denial-of-service attack or execute arbitrary code, and a medium-severity vulnerability caused by the use of a vulnerable jQuery version. The vendor has addressed several of these vulnerabilities by releasing software updates.
The UK's National Cyber Security Centre (NCSC) also discovered a vulnerability in Aveva Industries' Plant SCADA and Telemetry Server products. A remote attacker can exploit it to read data, cause a denial-of-service condition, and manipulate alarm state information. Both CISA and Aveva are preparing to report it.
Organizations should address these potentially serious vulnerabilities in Aveva's HMI and SCADA products. They may allow attackers to access sensitive information, cause a denial-of-service condition, or alter the alarm state. To patch all of these vulnerabilities, download and install the vendor's software updates as soon as possible.