cvedb.io
CVE-2022-1467
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2022-05-23T20:16:40.833 · Last modified 2026-06-17T04:22:30.317

Summary

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

Affected products

aveva — intouch_access_anywhere

Does this affect you?

Add your gear to cvedb and we'll alert you only when aveva ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.