AVEVA InTouch Access Anywhere Panel Detection Scanner

AVEVA InTouch Access Anywhere is widely utilized in industrial environments, particularly for process control and monitoring. It's used by manufacturing and utilities sectors, offering a browser-based gateway to SCADA and HMI systems. Organizations rely on it for seamless remote access to industrial control systems over the internet. It facilitates operational efficiency by enabling users to access real-time data and control systems remotely. Ensuring that only authorized users can access the system is crucial, as these systems control critical infrastructure. Organizations leverage this tool to enhance their operational process, proving its significance in process control management.

The detection of AVEVA InTouch Access Anywhere is crucial to prevent unauthorized access to sensitive industrial control systems. The vulnerability this scanner targets is the exposure of the Access Anywhere panel, which should ideally be restricted and not accessible over the internet without stringent security measures. Unauthorized access to these panels can pose risks to control systems, potentially leading to operational disruption. The scanner is designed to identify instances where the Access Anywhere panel is exposed, which can signify misconfiguration issues. The focus of detection is to secure these systems by identifying potential security misconfigurations. Organizations can use such detection to audit and improve their security posture.

Technically, this detection scanner operates by sending a GET request to a specific endpoint of the service, typically the AccessAnywhere/start.html page. The server's response is analyzed for specific words such as "InTouch" and "Access Anywhere" to confirm the presence of the panel. The scanner uses status codes and body content matching to verify the existence of the panel. It considers both successful (status 200) and redirects responses to identify if the panel is exposed. This process ensures that only publicly accessible interfaces of InTouch Access Anywhere are flagged. Identifying the exposure of such panels helps in understanding the risk associated with potential unauthorized access.

If the AVEVA InTouch Access Anywhere panel is left exposed, unauthorized users might gain access to sensitive industrial data or control interfaces. This could lead to unauthorized actions or system changes, potentially resulting in operational failures or reduced safety. Industrial control systems are critical, and even minor unauthorized changes can have significant consequences. Exposure of these interfaces could also allow attackers to exploit other vulnerabilities if present. Ultimately, the impact of exploiting such vulnerabilities can be far-reaching, influencing both the operational and safety aspects of an industrial environment. Organizations need to be vigilant to avoid data breaches and possible attacks.

REFERENCES

• https://www.aveva.com/en/products/intouch-hmi/
• https://www.aveva.com/en/products/intouch-access-anywhere/