Filtered by vendor Aveva
Subscribe
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38410 | 1 Aveva | 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more | 2022-08-04 | N/A | 7.8 HIGH |
| AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. | |||||
| CVE-2020-13499 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13501 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13500 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2022-06-07 | 8.5 HIGH | 9.9 CRITICAL |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | |||||
| CVE-2022-0835 | 1 Aveva | 1 System Platform | 2022-04-18 | 1.9 LOW | 5.5 MEDIUM |
| AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. | |||||
| CVE-2021-33010 | 1 Aveva | 1 System Platform | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | |||||
| CVE-2021-33008 | 1 Aveva | 1 System Platform | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. | |||||
| CVE-2021-32985 | 1 Aveva | 1 System Platform | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
| AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. | |||||
| CVE-2021-32981 | 1 Aveva | 1 System Platform | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
| AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | |||||
| CVE-2021-32977 | 1 Aveva | 1 System Platform | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
| AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. | |||||
| CVE-2021-32971 | 1 Aveva | 1 Suitelink | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer dereference in SuiteLink server while processing command 0x07 | |||||
| CVE-2021-32963 | 1 Aveva | 1 Suitelink | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 | |||||
| CVE-2021-32979 | 1 Aveva | 1 Suitelink | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a | |||||
| CVE-2021-32987 | 1 Aveva | 1 Suitelink | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer dereference in SuiteLink server while processing command 0x0b | |||||
| CVE-2021-32999 | 1 Aveva | 1 Suitelink | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 | |||||
| CVE-2021-32959 | 1 Aveva | 1 Suitelink | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 | |||||
| CVE-2017-5156 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. | |||||
| CVE-2017-5158 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-09-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. | |||||
| CVE-2017-5160 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-08-31 | 3.5 LOW | 5.3 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | |||||