76 vulnerabilities by Aveva
CVE-2025-8386 (GCVE-0-2025-8386)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:57 – Updated: 2025-11-17 16:56
Title
AVEVA Application Server IDE Basic Cross-site Scripting
Summary
The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of "aaConfigTools") to tamper with App Objects' help
files and persist a cross-site scripting (XSS) injection that when
executed by a victim user, can result in horizontal or vertical
escalation of privileges. The vulnerability can only be exploited during
config-time operations within the IDE component of Application Server.
Run-time components and operations are not affected.
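Severity
CVSS v3.1: 6.9 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L)
CVSS v4.0: 7.2 HIGH (CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H)
CWE
CWE-80
Assigner
icscert
References
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json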
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | Application Server | Affected: 0, ≤ Versions 2023 R2 SP1 P02 (custom) |
Credits
AVEVA reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:55:50.026475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:56:00.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "Versions 2023 R2 SP1 P02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects\u0027 help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."
}
],
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects\u0027 help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:57:04.396Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users using affected product versions should\n apply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of the Application Server IDE can be fixed by upgrading to AVEVA System Platform \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/d32b2534-9601-4beb-ac78-046ca2ef594d\"\u003e2023 R2 SP1 P03\u003c/a\u003e\u0026nbsp;or higher.\u003c/p\u003e\n\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAudit assigned permissions to ensure that only trusted users are \nadded to the \"aaConfigTools\" OS Group. For additional information on \nApplication Server OS Security groups and accounts, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/sp-install/page/738031.html\"\u003ehttps://docs.aveva.com/bundle/sp-install/page/738031.html\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-005.pdf\"\u003eAVEVA-2025-005\u003c/a\u003e or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users using affected product versions should\n apply security updates to mitigate the risk of exploit.\n\nAll affected versions of the Application Server IDE can be fixed by upgrading to AVEVA System Platform 2023 R2 SP1 P03 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/d32b2534-9601-4beb-ac78-046ca2ef594d \u00a0or higher.\n\n\nThe following general defensive measures are recommended:\n\n\n\n * Audit assigned permissions to ensure that only trusted users are \nadded to the \"aaConfigTools\" OS Group. For additional information on \nApplication Server OS Security groups and accounts, see https://docs.aveva.com/bundle/sp-install/page/738031.html \n\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-005 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-005.pdf or AVEVA\u0027s bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-317-02",
"discovery": "INTERNAL"
},
"title": "AVEVA Application Server IDE Basic Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-8386",
"datePublished": "2025-11-14T23:57:04.396Z",
"dateReserved": "2025-07-30T18:49:26.187Z",
"dateUpdated": "2025-11-17T16:56:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9317 (GCVE-0-2025-9317)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:49 – Updated: 2025-11-17 16:55
Title
AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm
Summary
The vulnerability, if exploited, could allow a miscreant with read
access to Edge Project files or Edge Offline Cache files to reverse
engineer Edge users' app-native or Active Directory passwords through
computational brute-forcing of weak hashes.
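Severity
CVSS v3.1: 8.4 HIGH (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
CVSS v4.0: 8.3 HIGH (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N)
CWE
CWE-327
Assigner
icscert
References
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json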
Credits
Joao Varelas reported this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:55:08.051296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:55:20.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "Versions 2023 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joao Varelas reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
}
],
"value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:49:27.149Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\u003c/p\u003e\n\u003cp\u003eUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply AVEVA Edge \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9\"\u003e2023 R2 P01\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e Security Update and migrate old project files.\u003c/li\u003e\n\u003cli\u003eFor projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\u003c/li\u003e\n\u003cli\u003eRequire AVEVA Edge users to change their passwords.\u003c/li\u003e\n\u003cli\u003eImportant: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\u003c/li\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\nFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e.\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\n\n\nUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\n\n\n\n * Apply AVEVA Edge 2023 R2 P01 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9 \n\n\n * Security Update and migrate old project files.\n\n * For projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\n\n * Require AVEVA Edge users to change their passwords.\n\n * Important: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\n * \n\n\nFor information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ .For more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-317-03",
"discovery": "EXTERNAL"
},
"title": "AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAccess Control Lists should be applied to all folders where users will save and load project files.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\u003c/li\u003e\n\u003cli\u003eApply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u0026gt; Project Overview \u0026gt; Configuring Additional \nProject Settings \u0026gt; Options Tab \u0026gt; Data Protection.\u003c/li\u003e\n\u003cli\u003eIf passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u0026gt; Tags and the \nTag Database \u0026gt; About Tags and the Project Database.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The following general defensive measures are recommended:\n\n\n\n * Access Control Lists should be applied to all folders where users will save and load project files.\n\n * Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\n\n * Apply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u003e Project Overview \u003e Configuring Additional \nProject Settings \u003e Options Tab \u003e Data Protection.\n\n * If passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u003e Tags and the \nTag Database \u003e About Tags and the Project Database.\n\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0.\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-9317",
"datePublished": "2025-11-14T23:49:27.149Z",
"dateReserved": "2025-08-21T12:45:22.693Z",
"dateUpdated": "2025-11-17T16:55:20.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54460 (GCVE-0-2025-54460)
Vulnerability from cvelistv5 – Published: 2025-08-21 20:00 – Updated: 2025-08-21 20:13
Title
AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type
Summary
The vulnerability, if exploited, could allow an authenticated miscreant
(with privileges to create or access publication targets of type Text
File or HDFS) to upload and persist files that could potentially be
executed.
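Severity
CVSS v3.1: 7.1 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)
CVSS v4.0: 7.1 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N)
CWE
CWE-434
Assigner
icscert
References
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04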
Impacted products
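| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Integrator | Affected: 0, < 2020 R2 SP1 (custom) |

Note: the affected range above ends at 2020 R2 SP1, while the solution text in the record below says to upgrade to PI Integrator for Business Analytics 2020 R2 SP2 or higher; confirm the fixed release against the vendor bulletin before treating a host as patched.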
Credits
Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T20:12:55.514721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T20:13:06.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Integrator",
"vendor": "AVEVA",
"versions": [
{
"lessThan": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privileges to create or access publication targets of type Text \nFile or HDFS) to upload and persist files that could potentially be \nexecuted."
}
],
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privileges to create or access publication targets of type Text \nFile or HDFS) to upload and persist files that could potentially be \nexecuted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T20:00:11.036Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to PI Integrator for Business Analytics 2020 R2 SP2 or higher.\u003c/li\u003e\n\u003cli\u003eFrom [OSISoft Customer Portal](PI Integrator for Business \nAnalytics), search for \"PI Integrator for Business Analytics\" and select\n version 2020 R2 SP2 or higher.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\n\n\n\n * Upgrade to PI Integrator for Business Analytics 2020 R2 SP2 or higher.\n\n * From [OSISoft Customer Portal](PI Integrator for Business \nAnalytics), search for \"PI Integrator for Business Analytics\" and select\n version 2020 R2 SP2 or higher."
}
],
"source": {
"advisory": "ICSA-25-224-04",
"discovery": "EXTERNAL"
},
"title": "AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdditionally, AVEVA recommends the following general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAudit assigned permissions to ensure that only trusted users are given access rights to publication targets: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1013185.html\"\u003ehttps://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1013185.html\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003eEnsure\n publication targets of type Text File or HDFS are configured to limit \nallowed output file extensions and limit output folders to be logically \nisolated from critical system components or executable paths:\u003c/li\u003e\n\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html\"\u003ehttps://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html\u003c/a\u003e\u003c/li\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html\"\u003ehttps://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023009.html\u003c/a\u003eConsider applying Windows Defender Application Control (WDAC) to prevent execution of unauthorized executables: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://learn.microsoft.com/en-us/intune/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager\"\u003ehttps://learn.microsoft.com/en-us/intune/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Additionally, AVEVA recommends the following general defensive measures:\n\n\n\n * Audit assigned permissions to ensure that only trusted users are given access rights to publication targets: https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1013185.html \n\n\n * Ensure\n publication targets of type Text File or HDFS are configured to limit \nallowed output file extensions and limit output folders to be logically \nisolated from critical system components or executable paths:\n\n * https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html \n https://learn.microsoft.com/en-us/intune/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-54460",
"datePublished": "2025-08-21T20:00:11.036Z",
"dateReserved": "2025-07-31T16:41:30.389Z",
"dateUpdated": "2025-08-21T20:13:06.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41415 (GCVE-0-2025-41415)
Vulnerability from cvelistv5 – Published: 2025-08-21 19:57 – Updated: 2025-08-21 20:13
Title
AVEVA PI Integrator Insertion of Sensitive Information into Sent Data
Summary
The vulnerability, if exploited, could allow an authenticated miscreant
(with privileges to access publication targets) to retrieve sensitive
information that could then be used to gain additional access to
downstream resources.
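Severity
CVSS v3.1: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v4.0: 7.1 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
CWE
CWE-201
Assigner
icscert
References
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04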
Impacted products
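| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Integrator | Affected: 0, < 2020 R2 SP1 (custom) |

Note: the affected range above ends at 2020 R2 SP1, while the solution text in the record below says to upgrade to PI Integrator for Business Analytics 2020 R2 SP2 or higher; confirm the fixed release against the vendor bulletin before treating a host as patched.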
Credits
Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T20:13:29.628004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T20:13:40.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Integrator",
"vendor": "AVEVA",
"versions": [
{
"lessThan": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maxime Escourbiac, Michelin CERT, and Adam Bertrand, Abicom for Michelin CERT reported these vulnerabilities to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privileges to access publication targets) to retrieve sensitive \ninformation that could then be used to gain additional access to \ndownstream resources."
}
],
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privileges to access publication targets) to retrieve sensitive \ninformation that could then be used to gain additional access to \ndownstream resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T19:57:26.099Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to PI Integrator for Business Analytics 2020 R2 SP2 or higher.\u003c/li\u003e\n\u003cli\u003eFrom [OSISoft Customer Portal](PI Integrator for Business \nAnalytics), search for \"PI Integrator for Business Analytics\" and select\n version 2020 R2 SP2 or higher.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\n\n\n\n * Upgrade to PI Integrator for Business Analytics 2020 R2 SP2 or higher.\n\n * From [OSISoft Customer Portal](PI Integrator for Business \nAnalytics), search for \"PI Integrator for Business Analytics\" and select\n version 2020 R2 SP2 or higher."
}
],
"source": {
"advisory": "ICSA-25-224-04",
"discovery": "EXTERNAL"
},
"title": "AVEVA PI Integrator Insertion of Sensitive Information into Sent Data",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdditionally, AVEVA recommends the following general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAudit assigned permissions to ensure that only trusted users are given access rights to publication targets: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1013185.html\"\u003ehttps://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1013185.html\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003eEnsure\n publication targets of type Text File or HDFS are configured to limit \nallowed output file extensions and limit output folders to be logically \nisolated from critical system components or executable paths:\u003c/li\u003e\n\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html\"\u003ehttps://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html\u003c/a\u003e\u003c/li\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html\"\u003ehttps://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023009.html\u003c/a\u003eConsider applying Windows Defender Application Control (WDAC) to prevent execution of unauthorized executables: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://learn.microsoft.com/en-us/intune/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager\"\u003ehttps://learn.microsoft.com/en-us/intune/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Additionally, AVEVA recommends the following general defensive measures:\n\n\n\n * Audit assigned permissions to ensure that only trusted users are given access rights to publication targets: https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1013185.html \n\n\n * Ensure\n publication targets of type Text File or HDFS are configured to limit \nallowed output file extensions and limit output folders to be logically \nisolated from critical system components or executable paths:\n\n * https://docs.aveva.com/bundle/pi-integrator-for-business-analytics/page/1023019.html \n https://learn.microsoft.com/en-us/intune/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-41415",
"datePublished": "2025-08-21T19:57:26.099Z",
"dateReserved": "2025-07-31T16:41:30.376Z",
"dateUpdated": "2025-08-21T20:13:40.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36539 (GCVE-0-2025-36539)
Vulnerability from cvelistv5 – Published: 2025-06-12 19:56 – Updated: 2025-06-12 20:04
Title
AVEVA PI Data Archive Uncaught Exception
Summary
AVEVA PI Data Archive products
are vulnerable to an uncaught exception that, if exploited, could allow
an authenticated user to shut down certain necessary PI Data Archive
subsystems, resulting in a denial of service.
Severity ?
CWE
Assigner
References
Impacted products
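| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Data Archive | Affected: 2023 , ≤ 2018 SP3 Patch 4 (custom) |
| AVEVA | PI Data Archive | Affected: 2023 Patch 1 |
| AVEVA | PI Server | Affected: 2023 , ≤ 2018 SP3 Patch 6 (custom) |
| AVEVA | PI Server | Affected: 2023 Patch 1 , ≤ 2018 SP3 Patch 6 (custom) |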
Credits
AVEVA reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T20:04:09.170573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T20:04:23.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Data Archive",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2018 SP3 Patch 4",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Data Archive",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2018 SP3 Patch 6",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2018 SP3 Patch 6",
"status": "affected",
"version": "2023 Patch 1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AVEVA PI Data Archive products \nare vulnerable to an uncaught exception that, if exploited, could allow \nan authenticated user to shut down certain necessary PI Data Archive \nsubsystems, resulting in a denial of service."
}
],
"value": "AVEVA PI Data Archive products \nare vulnerable to an uncaught exception that, if exploited, could allow \nan authenticated user to shut down certain necessary PI Data Archive \nsubsystems, resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:56:33.320Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-07"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of PI Data \nArchive and PI Server can be fixed by upgrading to PI Server 2024 or \nhigher. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"AVEVA PI Server\" and select version 2024 or higher.\u003c/p\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-001\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\n\nAll affected versions of PI Data \nArchive and PI Server can be fixed by upgrading to PI Server 2024 or \nhigher. From OSISoft Customer Portal https://my.osisoft.com/ , search for \"AVEVA PI Server\" and select version 2024 or higher.\n\nFor additional information please refer to AVEVA-2025-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-162-07",
"discovery": "INTERNAL"
},
"title": "AVEVA PI Data Archive Uncaught Exception",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor liveness of PI Network Manager and PI Archive Subsystem services.\u003c/li\u003e\n\u003cli\u003eSet the PI Network Manager and PI Archive Subsystem services to automatically restart.\u003c/li\u003e\n\u003cli\u003eLimit Port 5450 access to trusted workstations and software.\u003c/li\u003e\n\u003cli\u003eFor a list of PI System firewall port requirements, see knowledge base article \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB01162\"\u003eKB01162 - Firewall Port Requirements\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cli\u003eImpact and severity of vulnerabilities can be reduced through \nindustry accepted IT practices. Please consult your IT engineer for \nadvice on how to best implement these firewall restrictions in your \norganization\u0027s architecture. 
OSIsoft technical support provides guidance\n on architectural approaches, backup procedures, network defenses, and \noperating system configuration.\u003c/li\u003e\u003cli\u003eFor a starting point on PI System security best practices, see knowledge base article \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833\"\u003eKB00833 - Seven best practices for securing your PI Server\u003c/a\u003e.\u003c/li\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-001\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\n\nAVEVA further recommends users follow general defensive measures:\n\n\n\n * Monitor liveness of PI Network Manager and PI Archive Subsystem services.\n\n * Set the PI Network Manager and PI Archive Subsystem services to automatically restart.\n\n * Limit Port 5450 access to trusted workstations and software.\n\n * For a list of PI System firewall port requirements, see knowledge base article KB01162 - Firewall Port Requirements https://customers.osisoft.com/s/knowledgearticle .\n\n\n * Impact and severity of vulnerabilities can be reduced through \nindustry accepted IT practices. Please consult your IT engineer for \nadvice on how to best implement these firewall restrictions in your \norganization\u0027s architecture. OSIsoft technical support provides guidance\n on architectural approaches, backup procedures, network defenses, and \noperating system configuration.\n * For a starting point on PI System security best practices, see knowledge base article KB00833 - Seven best practices for securing your PI Server https://customers.osisoft.com/s/knowledgearticle .\nFor additional information please refer to AVEVA-2025-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-36539",
"datePublished": "2025-06-12T19:56:33.320Z",
"dateReserved": "2025-04-21T19:39:54.984Z",
"dateUpdated": "2025-06-12T20:04:23.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44019 (GCVE-0-2025-44019)
Vulnerability from cvelistv5 – Published: 2025-06-12 19:51 – Updated: 2025-06-12 20:06
Title
AVEVA PI Data Archive Uncaught Exception
Summary
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if
exploited, could allow an authenticated user to shut down certain
necessary PI Data Archive subsystems, resulting in a denial of service.
Depending on the timing of the crash, data present in snapshots/write
cache may be lost.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Data Archive | Affected: 0 , ≤ 2018 SP3 Patch 4 (custom) |
| AVEVA | PI Data Archive | Affected: 2023 |
| AVEVA | PI Data Archive | Affected: 2023 Patch 1 |
| AVEVA | PI Server | Affected: 0 , ≤ 2018 SP3 Patch 6 (custom) |
| AVEVA | PI Server | Affected: 2023 |
| AVEVA | PI Server | Affected: 2023 Patch 1 |
Credits
AVEVA reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T20:06:34.741269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T20:06:50.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Data Archive",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2018 SP3 Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Data Archive",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Data Archive",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023 Patch 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2018 SP3 Patch 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023 Patch 1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if \nexploited, could allow an authenticated user to shut down certain \nnecessary PI Data Archive subsystems, resulting in a denial of service. \nDepending on the timing of the crash, data present in snapshots/write \ncache may be lost."
}
],
"value": "AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if \nexploited, could allow an authenticated user to shut down certain \nnecessary PI Data Archive subsystems, resulting in a denial of service. \nDepending on the timing of the crash, data present in snapshots/write \ncache may be lost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:59:08.542Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-07"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"url": "https://my.osisoft.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of PI Data \nArchive and PI Server can be fixed by upgrading to PI Server 2024 or \nhigher. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"AVEVA PI Server\" and select version 2024 or higher.\u003c/p\u003e\u003cp\u003ePI Data Archive 2018 SP3 Patch 4 and all prior and \nPI Server 2018 SP3 Patch 6 and all prior can alternatively be fixed by \nupgrading to PI Server 2018 SP3 Patch 7 or higher. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"AVEVA PI Server\" and select Version 2018 SP3 Patch 7 or higher.\u003c/p\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-001\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\n\nAll affected versions of PI Data \nArchive and PI Server can be fixed by upgrading to PI Server 2024 or \nhigher. From OSISoft Customer Portal https://my.osisoft.com/ , search for \"AVEVA PI Server\" and select version 2024 or higher.\n\nPI Data Archive 2018 SP3 Patch 4 and all prior and \nPI Server 2018 SP3 Patch 6 and all prior can alternatively be fixed by \nupgrading to PI Server 2018 SP3 Patch 7 or higher. From OSISoft Customer Portal https://my.osisoft.com/ , search for \"AVEVA PI Server\" and select Version 2018 SP3 Patch 7 or higher.\n\nFor additional information please refer to AVEVA-2025-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-162-07",
"discovery": "INTERNAL"
},
"title": "AVEVA PI Data Archive Uncaught Exception",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor liveness of PI Network Manager and PI Archive Subsystem services.\u003c/li\u003e\n\u003cli\u003eSet the PI Network Manager and PI Archive Subsystem services to automatically restart.\u003c/li\u003e\n\u003cli\u003eLimit Port 5450 access to trusted workstations and software.\u003c/li\u003e\n\u003cli\u003eFor a list of PI System firewall port requirements, see knowledge base article \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB01162\"\u003eKB01162 - Firewall Port Requirements\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cli\u003eImpact and severity of vulnerabilities can be reduced through \nindustry accepted IT practices. Please consult your IT engineer for \nadvice on how to best implement these firewall restrictions in your \norganization\u0027s architecture. 
OSIsoft technical support provides guidance\n on architectural approaches, backup procedures, network defenses, and \noperating system configuration.\u003c/li\u003e\n\u003cli\u003eFor a starting point on PI System security best practices, see knowledge base article \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833\"\u003eKB00833 - Seven best practices for securing your PI Server\u003c/a\u003e.\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-001\u003c/a\u003e.\n\n\u003c/p\u003e\n\n\u003c/li\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users with affected product versions should \napply security updates to mitigate the risk of exploit.\u00a0\n\nAVEVA further recommends users follow general defensive measures:\n\n\n\n * Monitor liveness of PI Network Manager and PI Archive Subsystem services.\n\n * Set the PI Network Manager and PI Archive Subsystem services to automatically restart.\n\n * Limit Port 5450 access to trusted workstations and software.\n\n * For a list of PI System firewall port requirements, see knowledge base article KB01162 - Firewall Port Requirements https://customers.osisoft.com/s/knowledgearticle .\n\n\n * Impact and severity of vulnerabilities can be reduced through \nindustry accepted IT practices. Please consult your IT engineer for \nadvice on how to best implement these firewall restrictions in your \norganization\u0027s architecture. OSIsoft technical support provides guidance\n on architectural approaches, backup procedures, network defenses, and \noperating system configuration.\n\n * For a starting point on PI System security best practices, see knowledge base article KB00833 - Seven best practices for securing your PI Server https://customers.osisoft.com/s/knowledgearticle .\n\n\nFor additional information please refer to AVEVA-2025-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .\n\n\n\n\n\n\n *"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-44019",
"datePublished": "2025-06-12T19:51:56.663Z",
"dateReserved": "2025-04-21T19:39:54.994Z",
"dateUpdated": "2025-06-12T20:06:50.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2745 (GCVE-0-2025-2745)
Vulnerability from cvelistv5 – Published: 2025-06-12 19:42 – Updated: 2025-06-12 20:09
Title
AVEVA PI Web API Cross-site Scripting
Summary
A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or upload media files) to
persist arbitrary JavaScript code that will be executed by users who
were socially engineered to disable content security policy protections
while rendering annotation attachments from within a web browser.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Web API | Affected: 0 , ≤ 2023 SP1 (custom) |
Credits
AVEVA reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T20:09:20.915656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T20:09:34.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Web API",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting vulnerability exists in AVEVA\u0026nbsp;PI Web API version 2023 \nSP1 and prior that, if exploited, could allow an authenticated attacker \n(with privileges to create/update annotations or upload media files) to \npersist arbitrary JavaScript code that will be executed by users who \nwere socially engineered to disable content security policy protections \nwhile rendering annotation attachments from within a web browser."
}
],
"value": "A cross-site scripting vulnerability exists in AVEVA\u00a0PI Web API version 2023 \nSP1 and prior that, if exploited, could allow an authenticated attacker \n(with privileges to create/update annotations or upload media files) to \npersist arbitrary JavaScript code that will be executed by users who \nwere socially engineered to disable content security policy protections \nwhile rendering annotation attachments from within a web browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:42:27.001Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-08"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eFrom \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"PI Web API\" and select version 2023 SP1 Patch 1 or higher.\u0026nbsp;\u003cbr\u003e\nFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-003\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\n\nFrom OSISoft Customer Portal https://my.osisoft.com/ , search for \"PI Web API\" and select version 2023 SP1 Patch 1 or higher.\u00a0\n\nFor additional information please refer to AVEVA-2025-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-162-08",
"discovery": "INTERNAL"
},
"title": "AVEVA PI Web API Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReview and update the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-server-f-af-pse/page/1022248.html\"\u003efile extensions allowlist\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e for annotation attachments to remove potentially vulnerable of undesired file types (ex: svg, pdf, ...).\u003c/li\u003e\n\u003cli\u003eConsider implementing IT policies that would prevent users from \nsubverting/disabling content security policy browser protections.\u003c/li\u003e\n\u003cli\u003eInform PI Web API users that annotation attachments should be \nretrieved through direct REST requests to PI Web API rather than \nrendering them in the browser interface.\u003c/li\u003e\n\u003cli\u003eAudit assigned privileges to ensure that only trusted users are given \"Annotate\" \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/pi-server-f-af-pse/page/1020021.html\"\u003eaccess rights\u003c/a\u003e\u003c/li\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-003\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA further recommends users follow general defensive measures:\n\n\n\n * Review and update the file extensions allowlist https://docs.aveva.com/bundle/pi-server-f-af-pse/page/1022248.html for annotation attachments to remove potentially vulnerable or undesired file types (ex: svg, pdf, ...).\n\n * Consider implementing IT policies that would prevent users from \nsubverting/disabling content security policy browser protections.\n\n * Inform PI Web API users that annotation attachments should be \nretrieved through direct REST requests to PI Web API rather than \nrendering them in the browser interface.\n\n * Audit assigned privileges to ensure that only trusted users are given \"Annotate\" access rights https://docs.aveva.com/bundle/pi-server-f-af-pse/page/1020021.html \n\nFor additional information please refer to AVEVA-2025-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-2745",
"datePublished": "2025-06-12T19:42:27.001Z",
"dateReserved": "2025-03-24T16:30:31.847Z",
"dateUpdated": "2025-06-12T20:09:34.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4418 (GCVE-0-2025-4418)
Vulnerability from cvelistv5 – Published: 2025-06-12 19:37 – Updated: 2025-06-12 19:54
Title
AVEVA PI Connector for CygNet Improper Validation of Integrity Check Value
Summary
An improper validation of integrity check value vulnerability exists in
AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited,
could allow a miscreant with elevated privileges to modify PI Connector
for CygNet local data files (cache and buffers) in a way that causes the
connector service to become unresponsive.
Severity ?
4.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | PI Connector for CygNet |
Affected:
0 , ≤ 1.6.14
(custom)
|
Credits
AVEVA reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T19:53:58.062161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:54:54.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Connector for CygNet",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "1.6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper validation of integrity check value vulnerability exists in \n\nAVEVA\u0026nbsp;PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, \ncould allow a miscreant with elevated privileges to modify PI Connector \nfor CygNet local data files (cache and buffers) in a way that causes the\n connector service to become unresponsive."
}
],
"value": "An improper validation of integrity check value vulnerability exists in \n\nAVEVA\u00a0PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, \ncould allow a miscreant with elevated privileges to modify PI Connector \nfor CygNet local data files (cache and buffers) in a way that causes the\n connector service to become unresponsive."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:37:46.740Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"PI Connector for CygNet\" and select Version 1.7.0 or higher.\n\n\u003cbr\u003e\u003c/p\u003e\nFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-002\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\n\nAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From OSISoft Customer Portal https://my.osisoft.com/ , search for \"PI Connector for CygNet\" and select Version 1.7.0 or higher.\n\n\n\n\n\nFor additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-162-09",
"discovery": "INTERNAL"
},
"title": "AVEVA PI Connector for CygNet Improper Validation of Integrity Check Value",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure that PI Connector for CygNet administrative access is only provided to trusted entities.\u003c/li\u003e\n\u003cli\u003eAudit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\u003c/li\u003e\n\u003cli\u003eAudit and limit membership to the OS Local \"Administrators\" and \"PI Connector Administrators\" groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-002\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA further recommends users follow general defensive measures:\n\n\n\n * Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.\n\n * Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\n\n * Audit and limit membership to the OS Local \"Administrators\" and \"PI Connector Administrators\" groups.\n\n\n\n\nFor additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \n\n."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-4418",
"datePublished": "2025-06-12T19:37:46.740Z",
"dateReserved": "2025-05-07T18:16:55.551Z",
"dateUpdated": "2025-06-12T19:54:54.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4417 (GCVE-0-2025-4417)
Vulnerability from cvelistv5 – Published: 2025-06-12 19:32 – Updated: 2025-06-12 19:57
Title
AVEVA PI Connector for CygNet Cross-site Scripting
Summary
A cross-site scripting vulnerability exists in
AVEVA PI Connector for CygNet
Versions 1.6.14 and prior that, if exploited, could allow an
administrator miscreant with local access to the connector admin portal
to persist arbitrary JavaScript code that will be executed by other
users who visit affected pages.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | PI Connector for CygNet |
Affected:
0 , ≤ 1.6.14
(custom)
|
Credits
AVEVA reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T19:56:09.240198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:57:09.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Connector for CygNet",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "1.6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting vulnerability exists in \nAVEVA\u0026nbsp;PI Connector for CygNet \nVersions 1.6.14 and prior that, if exploited, could allow an \nadministrator miscreant with local access to the connector admin portal \nto persist arbitrary JavaScript code that will be executed by other \nusers who visit affected pages."
}
],
"value": "A cross-site scripting vulnerability exists in \nAVEVA\u00a0PI Connector for CygNet \nVersions 1.6.14 and prior that, if exploited, could allow an \nadministrator miscreant with local access to the connector admin portal \nto persist arbitrary JavaScript code that will be executed by other \nusers who visit affected pages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:32:32.628Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSISoft Customer Portal\u003c/a\u003e, search for \"PI Connector for CygNet\" and select Version 1.7.0 or higher.\n\n\u003cbr\u003e\u003c/p\u003e\nFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-002\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users of affected product versions should \napply security updates to mitigate the risk of exploit.\n\nAll affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From OSISoft Customer Portal https://my.osisoft.com/ , search for \"PI Connector for CygNet\" and select Version 1.7.0 or higher.\n\n\n\n\n\nFor additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-162-09",
"discovery": "INTERNAL"
},
"title": "AVEVA PI Connector for CygNet Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure that PI Connector for CygNet administrative access is only provided to trusted entities.\u003c/li\u003e\n\u003cli\u003eAudit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\u003c/li\u003e\n\u003cli\u003eAudit and limit membership to the OS Local \"Administrators\" and \"PI Connector Administrators\" groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2025-002\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA further recommends users follow general defensive measures:\n\n\n\n * Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.\n\n * Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.\n\n * Audit and limit membership to the OS Local \"Administrators\" and \"PI Connector Administrators\" groups.\n\n\n\n\nFor additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \n\n."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-4417",
"datePublished": "2025-06-12T19:32:32.628Z",
"dateReserved": "2025-05-07T18:16:54.504Z",
"dateUpdated": "2025-06-12T19:57:09.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6456 (GCVE-0-2024-6456)
Vulnerability from cvelistv5 – Published: 2024-08-15 20:10 – Updated: 2024-08-16 13:32
Title
SQL Injection vulnerability in AVEVA Historian Server
Summary
AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | Historian Web Server |
Affected:
2023R2
Affected: 2023 , < 2023 P03 (custom) Affected: 2020 , < 2020 R2 SP1 P01 (custom) |
Credits
Maurizio Gatti from Accenture S.p.A reported this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "historian",
"vendor": "aveva",
"versions": [
{
"lessThan": "2020_r2_sp1_p01",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:aveva:historian:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "historian",
"vendor": "aveva",
"versions": [
{
"lessThan": "2023_p03",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:aveva:historian:2023r2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "historian",
"vendor": "aveva",
"versions": [
{
"status": "affected",
"version": "2023r2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T13:26:10.793548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:32:49.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Historian Web Server",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023R2"
},
{
"lessThan": "2023 P03",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2020 R2 SP1 P01",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maurizio Gatti from Accenture S.p.A reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL."
}
],
"value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T20:10:58.586Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-10"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eAVEVA recommends Historian is upgraded by AVEVA System Platform media:\u003c/p\u003e\u003cul\u003e\u003cli\u003e(Recommended) All affected versions can be fixed by upgrading to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=f9477c62-1966-4020-8909-fa20f4ef2b2b\"\u003eAVEVA System Platform 2023 R2 P01\u003c/a\u003e\u003c/li\u003e\u003cli\u003e(Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=2a9cc3c1-be8a-4f61-8973-dadab079f9a7\"\u003eAVEVA System Platform 2023 P04\u003c/a\u003e\u003c/li\u003e\u003cli\u003e(Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Global Customer Support\u003c/a\u003e\u0026nbsp;for instructions on how to download and apply this security fix.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAVEVA also recommends the following general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEstablish procedures for Historian REST Interface users to verify the source of URLs shared with them is trusted before opening.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e. 
If you discover errors or omissions in this advisory, please report the finding to Support.\u003c/p\u003e\u003cp\u003eFor the latest AVEVA security information and security updates, please visit \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/securitycentral\"\u003eAVEVA Security Central\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAveva recommends users looking for general information regarding how to secure Industrial Control Systems reference the NIST Guide to Operational Technology (OT) Security, \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf\"\u003eNIST SP800-82r3\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor more information, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-005.pdf\"\u003eAVEVA\u0027s Security Bulletin AVEVA-2024-005.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates as soon as possible.\n\nAVEVA recommends Historian is upgraded by AVEVA System Platform media:\n\n * (Recommended) All affected versions can be fixed by upgrading to AVEVA System Platform 2023 R2 P01 https://softwaresupportsp.aveva.com/#/producthub/details \n * (Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to AVEVA System Platform 2023 P04 https://softwaresupportsp.aveva.com/#/producthub/details \n * (Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Please contact AVEVA Global Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0for instructions on how to download and apply this security fix.\n\n\nAVEVA also recommends the following general defensive measures:\n\n * Establish procedures for Historian REST Interface users to verify the source of URLs shared with them is trusted before opening.\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ . If you discover errors or omissions in this advisory, please report the finding to Support.\n\nFor the latest AVEVA security information and security updates, please visit AVEVA Security Central https://softwaresupportsp.aveva.com/#/securitycentral .\n\nAveva recommends users looking for general information regarding how to secure Industrial Control Systems reference the NIST Guide to Operational Technology (OT) Security, NIST SP800-82r3 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf .\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2024-005. 
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-005.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection vulnerability in AVEVA Historian Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-6456",
"datePublished": "2024-08-15T20:10:58.586Z",
"dateReserved": "2024-07-02T18:09:17.280Z",
"dateUpdated": "2024-08-16T13:32:49.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6619 (GCVE-0-2024-6619)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:41 – Updated: 2024-08-14 14:37
Title
Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
Summary
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ocean Data Systems | Dream Report 2023 |
Affected:
0 , ≤ 23.0.17795.1010
(custom)
|
|||||||
|
|||||||||
Credits
Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ocean_data_systems:dream_report_2023:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dream_report_2023",
"vendor": "ocean_data_systems",
"versions": [
{
"lessThanOrEqual": "23.0.17795.1010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:aveva:reports_for_operations_2023:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reports_for_operations_2023",
"vendor": "aveva",
"versions": [
{
"lessThanOrEqual": "23.0.17795.1010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:32:26.198655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:37:29.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dream Report 2023",
"vendor": "Ocean Data Systems",
"versions": [
{
"lessThanOrEqual": "23.0.17795.1010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Reports for Operations 2023",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "23.0.17795.1010"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:41:03.858Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOcean Data Systems recommends users update to the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDream Report 2023 R2: Version 23.3.18952.0523\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dreamreport.net/\"\u003eDream Report Version 2023 R2 Released\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=247ce8d6-0f2e-498c-9024-58c96bb6d8de\"\u003eAVEVA Reports for Operations 2023 R2\u003c/a\u003e\u0026nbsp;or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf\"\u003eAVEVA-2024-006\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ocean Data Systems recommends users update to the following:\n\n * Dream Report 2023 R2: Version 23.3.18952.0523\n\n\nFor more information, see Dream Report Version 2023 R2 Released https://dreamreport.net/ .\n\nAVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:\n\n * Update to AVEVA Reports for Operations 2023 R2 https://softwaresupportsp.aveva.com/#/producthub/details \u00a0or later\n\n\nFor more information, see security bulletin AVEVA-2024-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-6619",
"datePublished": "2024-08-13T16:41:03.858Z",
"dateReserved": "2024-07-09T15:19:05.392Z",
"dateUpdated": "2024-08-14T14:37:29.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6618 (GCVE-0-2024-6618)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:37 – Updated: 2024-08-20 16:31
Title
Path Traversal in Ocean Data Systems Dream Report
Summary
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Ocean Data Systems | Dream Report 2023 | Affected: 0 , ≤ 23.0.17795.1010 (custom) |
| AVEVA | Reports for Operations | Affected: 23.0.17795.1010 |
Credits
Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ocean_data_systems:dream_report_2023:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dream_report_2023",
"vendor": "ocean_data_systems",
"versions": [
{
"lessThanOrEqual": "23.0.17795.1010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:aveva:reports_for_operations_2023:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reports_for_operations_2023",
"vendor": "aveva",
"versions": [
{
"status": "affected",
"version": "23.0.17795.1010"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T16:29:10.362961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T16:31:02.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dream Report 2023",
"vendor": "Ocean Data Systems",
"versions": [
{
"lessThanOrEqual": "23.0.17795.1010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Reports for Operations",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "23.0.17795.1010"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:37:41.654Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOcean Data Systems recommends users update to the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDream Report 2023 R2: Version 23.3.18952.0523\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dreamreport.net/\"\u003eDream Report Version 2023 R2 Released\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=247ce8d6-0f2e-498c-9024-58c96bb6d8de\"\u003eAVEVA Reports for Operations 2023 R2\u003c/a\u003e\u0026nbsp;or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf\"\u003eAVEVA-2024-006\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ocean Data Systems recommends users update to the following:\n\n * Dream Report 2023 R2: Version 23.3.18952.0523\n\n\nFor more information, see Dream Report Version 2023 R2 Released https://dreamreport.net/ .\n\nAVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:\n\n * Update to AVEVA Reports for Operations 2023 R2 https://softwaresupportsp.aveva.com/#/producthub/details \u00a0or later\n\n\nFor more information, see security bulletin AVEVA-2024-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal in Ocean Data Systems Dream Report",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-6618",
"datePublished": "2024-08-13T16:37:41.654Z",
"dateReserved": "2024-07-09T15:19:01.141Z",
"dateUpdated": "2024-08-20T16:31:02.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7113 (GCVE-0-2024-7113)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:26 – Updated: 2024-08-15 18:49
Title
Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server
Summary
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | SuiteLink Server | Affected: 0 , ≤ 3.7.0 (custom) |
| AVEVA | Historian | Affected: 0 , ≤ 2023 R2 P01 (custom) |
| AVEVA | InTouch | Affected: 0 , ≤ 2023 R2 P01 (custom) |
| AVEVA | Application Server | Affected: 0 , ≤ 2023 R2 P01 (custom) |
| AVEVA | Communication Drivers Pack | Affected: 0 , ≤ 2023 R2 (custom) |
| AVEVA | Batch Management | Affected: 0 , ≤ 2023 (custom) |
Credits
DOE CESER's CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T18:48:38.378253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T18:49:01.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuiteLink Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "3.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DOE CESER\u0027s CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:26:32.285Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eAll impacted products and affected versions can be fixed by installing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=afeb5492-f764-4af3-b408-acc4c991f699\"\u003eSuiteLink v3.7.100\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAVEVA recommends the following general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eApply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf\"\u003eAVEVA-2024-007\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\n\nAll impacted products and affected versions can be fixed by installing SuiteLink v3.7.100 https://softwaresupportsp.aveva.com/#/producthub/details .\n\nAVEVA recommends the following general defensive measures:\n\n * Apply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\n\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2024-007 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-7113",
"datePublished": "2024-08-13T16:26:32.285Z",
"dateReserved": "2024-07-25T17:56:01.265Z",
"dateUpdated": "2024-08-15T18:49:01.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3468 (GCVE-0-2024-3468)
Vulnerability from cvelistv5 – Published: 2024-06-12 21:04 – Updated: 2024-08-01 20:12
Title
Deserialization of Untrusted Data in AVEVA PI Web API
Summary
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Web API | Affected: 0 , ≤ 2023 (custom) |
Credits
AVEVA reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T19:42:01.196496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T19:42:12.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Web API",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker."
}
],
"value": "There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T21:04:28.259Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\u003c/p\u003e\u003cp\u003eFrom \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \"PI Web API\" and select version \"2023 SP1\" or later.\u003c/p\u003e\u003cp\u003e(Alternative) PI Web API 2021 SP3 can be fixed by upgrading PI AF Client to one of the versions specified in AVEVA Security Bulletin AVEVA-2024-004 / ICSA-24-163-03\u003c/p\u003e\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSet \"DisableWrites\" configuration setting to true, if this instance of PI Web API is used only for reading data or GET requests.\u003c/li\u003e\u003cli\u003eUninstall Core Endpoints feature if this instance of PI Web API is used only for data collection from AVEVA Adapters. Keep OMF feature installed.\u003c/li\u003e\u003cli\u003eLimit AF Servers\u0027 Administrators, so that most of the PI Web API user accounts don\u0027t have the permission to change the backend AF servers.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2024-003\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\n\nFrom OSI Soft Customer Portal https://my.osisoft.com/ , search for \"PI Web API\" and select version \"2023 SP1\" or later.\n\n(Alternative) PI Web API 2021 SP3 can be fixed by upgrading PI AF Client to one of the versions specified in AVEVA Security Bulletin AVEVA-2024-004 / ICSA-24-163-03\n\nAVEVA further recommends users follow general defensive measures:\n\n * Set \"DisableWrites\" configuration setting to true, if this instance of PI Web API is used only for reading data or GET requests.\n * Uninstall Core Endpoints feature if this instance of PI Web API is used only for data collection from AVEVA Adapters. Keep OMF feature installed.\n * Limit AF Servers\u0027 Administrators, so that most of the PI Web API user accounts don\u0027t have the permission to change the backend AF servers.\n\n\nFor additional information please refer to AVEVA-2024-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deserialization of Untrusted Data in AVEVA PI Web API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3468",
"datePublished": "2024-06-12T21:04:28.259Z",
"dateReserved": "2024-04-08T15:55:44.887Z",
"dateUpdated": "2024-08-01T20:12:07.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3467 (GCVE-0-2024-3467)
Vulnerability from cvelistv5 – Published: 2024-06-12 21:04 – Updated: 2024-08-01 20:12
Title
Deserialization of Untrusted Data in AVEVA PI Asset Framework Client
Summary
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | PI Asset Framework Client | Affected: 2023; Affected: 0 , ≤ 2018 SP3 P04 (custom) |
Credits
AVEVA reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aveva:pi_asset_framework_client:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pi_asset_framework_client",
"vendor": "aveva",
"versions": [
{
"status": "affected",
"version": "2023"
}
]
},
{
"cpes": [
"cpe:2.3:a:aveva:pi_asset_framework_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pi_asset_framework_client",
"vendor": "aveva",
"versions": [
{
"lessThanOrEqual": "2018",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T18:12:24.328615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:32:56.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Asset Framework Client",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023"
},
{
"lessThanOrEqual": "2018 SP3 P04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.\u003c/span\u003e"
}
],
"value": "There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T21:04:26.635Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\u003c/p\u003e\u003cul\u003e\u003cli\u003e(Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:\u003cbr\u003eFrom \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.\u003c/li\u003e\u003cli\u003e(Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:\u003cbr\u003eFrom \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eRun PI System Explorer as a least privilege interactive account when possible.\u003c/li\u003e\u003cli\u003eEstablish procedures for verifying the source of XML is trusted before importing into PI System Explorer.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2024-004\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\n\n * (Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:\nFrom OSI Soft Customer Portal https://my.osisoft.com/ , search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.\n * (Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:\nFrom OSI Soft Customer Portal https://my.osisoft.com/ , search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.\n\n\nAVEVA further recommends users follow general defensive measures:\n\n * Run PI System Explorer as a least privilege interactive account when possible.\n * Establish procedures for verifying the source of XML is trusted before importing into PI System Explorer.\n\n\nFor additional information please refer to AVEVA-2024-004 https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deserialization of Untrusted Data in AVEVA PI Asset Framework Client",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3467",
"datePublished": "2024-06-12T21:04:26.635Z",
"dateReserved": "2024-04-08T15:55:44.665Z",
"dateUpdated": "2024-08-01T20:12:07.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6132 (GCVE-0-2023-6132)
Vulnerability from cvelistv5 – Published: 2024-02-29 17:40 – Updated: 2024-08-22 18:02
Title
AVEVA Edge products Uncontrolled Search Path Element
Summary
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | AVEVA Edge | Affected: 0 , ≤ 2020 R2 SP2 (custom) |
Credits
Ting Chen of UESTC discovered and disclosed this vulnerability to AVEVA.
ADLab of Venustech discovered and disclosed this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aveva_edge",
"vendor": "aveva",
"versions": [
{
"lessThan": "2020_r2_sp2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:50:57.047063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:02:51.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AVEVA Edge",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ting Chen of UESTC discovered and disclosed this vulnerability to AVEVA. "
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ADLab of Venustech discovered and disclosed this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\u003c/span\u003e\n\n"
}
],
"value": "\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T17:40:05.162Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=0c8abaf3-2e4c-4be1-aa78-3ad445c58a16\"\u003eAVEVA Edge 2023\u003c/a\u003e, \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=1e5d9950-d945-4bab-984b-245fe3f152ac\"\u003eAVEVA Edge 2020 R2 SP2 P01\u003c/a\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eNote: Log-in is required.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, please refer to AVEVA\u0027s security advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2024-002.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website: AVEVA Edge 2023 https://softwaresupportsp.aveva.com/#/producthub/details , AVEVA Edge 2020 R2 SP2 P01 https://softwaresupportsp.aveva.com/#/producthub/details .\n\n * Note: Log-in is required.\n\n\nFor additional information, please refer to AVEVA\u0027s security advisory AVEVA-2024-002. https://www.aveva.com/en/support-and-success/cyber-security-updates/ \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Edge products Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-6132",
"datePublished": "2024-02-29T17:40:05.162Z",
"dateReserved": "2023-11-14T16:29:50.706Z",
"dateUpdated": "2024-08-22T18:02:51.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34348 (GCVE-0-2023-34348)
Vulnerability from cvelistv5 – Published: 2024-01-18 17:16 – Updated: 2024-10-21 11:44
Title
Improper Check or Handling of Exceptional Conditions in Aveva PI Server
Summary
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Aveva
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T05:01:34.023375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T11:44:39.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "Aveva",
"versions": [
{
"status": "affected",
"version": "2023"
},
{
"lessThanOrEqual": "2018 SP3 P05 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aveva"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T17:16:50.038Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAll affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.\u003c/p\u003e\u003cp\u003eFor an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.\u003c/p\u003e\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eAVEVA recommends the following defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSet the PI Message Subsystem to auto restart.\u003c/li\u003e\u003cli\u003eMonitor the memory usage of the PI Message Subsystem.\u003c/li\u003e\u003cli\u003eLimit network access to port 5450 to trusted workstations and software\u003c/li\u003e\u003cli\u003eConfirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information on this vulnerability, including security updates, users should see security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf\"\u003eAVEVA-2024-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAll affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.\n\nFor an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.\n\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.\n\nAVEVA recommends the following defensive measures:\n\n * Set the PI Message Subsystem to auto restart.\n * Monitor the memory usage of the PI Message Subsystem.\n * Limit network access to port 5450 to trusted workstations and software\n * Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.\n\n\nFor more information on this vulnerability, including security updates, users should see security bulletin AVEVA-2024-001 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Check or Handling of Exceptional Conditions in Aveva PI Server ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-34348",
"datePublished": "2024-01-18T17:16:50.038Z",
"dateReserved": "2023-07-12T18:40:13.110Z",
"dateUpdated": "2024-10-21T11:44:39.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31274 (GCVE-0-2023-31274)
Vulnerability from cvelistv5 – Published: 2024-01-18 17:15 – Updated: 2024-08-29 20:02
Title
Missing Release of Resource after Effective Lifetime vulnerability in Aveva PI Server
Summary
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.
Severity ?
5.3 (Medium)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Aveva
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T05:01:33.321397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:02:08.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Server",
"vendor": "Aveva",
"versions": [
{
"status": "affected",
"version": "2023"
},
{
"lessThanOrEqual": "2018 SP3 P05 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aveva"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T17:15:25.837Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAll affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.\u003c/p\u003e\u003cp\u003eFor an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.\u003c/p\u003e\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eAVEVA recommends the following defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSet the PI Message Subsystem to auto restart.\u003c/li\u003e\u003cli\u003eMonitor the memory usage of the PI Message Subsystem.\u003c/li\u003e\u003cli\u003eLimit network access to port 5450 to trusted workstations and software\u003c/li\u003e\u003cli\u003eConfirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information on this vulnerability, including security updates, users should see security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf\"\u003eAVEVA-2024-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAll affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.\n\nFor an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.\n\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.\n\nAVEVA recommends the following defensive measures:\n\n * Set the PI Message Subsystem to auto restart.\n * Monitor the memory usage of the PI Message Subsystem.\n * Limit network access to port 5450 to trusted workstations and software\n * Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.\n\n\nFor more information on this vulnerability, including security updates, users should see security bulletin AVEVA-2024-001 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Release of Resource after Effective Lifetime vulnerability in Aveva PI Server ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-31274",
"datePublished": "2024-01-18T17:15:25.837Z",
"dateReserved": "2023-07-12T18:40:13.101Z",
"dateUpdated": "2024-08-29T20:02:08.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42797 (GCVE-0-2021-42797)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2024-08-04 03:38
Summary
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/products/edge/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T01:10:08.013113",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.aveva.com/en/products/edge/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42797",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42796 (GCVE-0-2021-42796)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2024-10-07 15:28
Summary
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/products/edge/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-42796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:26:12.989203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:28:19.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T01:05:03.026492",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.aveva.com/en/products/edge/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42796",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-10-07T15:28:19.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42794 (GCVE-0-2021-42794)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2024-08-04 03:38
Summary
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/products/edge/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts\u0027 responses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T01:00:50.688230",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf"
},
{
"url": "https://www.aveva.com/en/products/edge/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42794",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34982 (GCVE-0-2023-34982)
Vulnerability from cvelistv5 – Published: 2023-11-15 16:28 – Updated: 2024-08-02 16:17
Title
AVEVA Operations Control Logger External Control of File Name or Path
Summary
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | SystemPlatform | Affected: 0, ≤ 2020 R2 SP1 P01 (custom) |

Only the first affected product is shown in this table; the `affected` array in the record below lists 13 further AVEVA products with their own affected version ranges.
Credits
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemPlatform",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Licensing (formerly known as License Manager)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "3.7.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Manufacturing Execution System (formerly known as Wonderware MES)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Recipe Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 SP1 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge (formerly known as Indusoft Web Studio)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Worktasks (formerly known as Workflow Management)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 U2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Plant SCADA (formerly known as Citect)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telemetry Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"datePublic": "2023-11-14T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\u003c/span\u003e\n\n"
}
],
"value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T16:28:35.183Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eIn addition to applying security updates, users should follow these general precautions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure that Guest or Anonymous local OS accounts are disabled.\u003c/li\u003e\u003cli\u003eEnsure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA Security Bulletin number AVEVA-2023-003\u003c/a\u003e\u0026nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\"\u003eAlert 000038736.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Operations Control Logger External Control of File Name or Path ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-34982",
"datePublished": "2023-11-15T16:28:35.183Z",
"dateReserved": "2023-06-13T14:56:36.310Z",
"dateUpdated": "2024-08-02T16:17:04.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33873 (GCVE-0-2023-33873)
Vulnerability from cvelistv5 – Published: 2023-11-15 16:22 – Updated: 2024-11-21 20:10
Title
AVEVA Operations Control Logger Execution with Unnecessary Privileges
Summary
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | SystemPlatform | Affected: 0, ≤ 2020 R2 SP1 P01 (custom) |
Credits
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T20:09:45.775149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T20:10:00.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemPlatform",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Licensing (formerly known as License Manager)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "3.7.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Manufacturing Execution System (formerly known as Wonderware MES)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Recipe Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 SP1 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge (formerly known as Indusoft Web Studio)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Worktasks (formerly known as Workflow Management)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 U2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Plant SCADA (formerly known as Citect)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telemetry Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"datePublic": "2023-11-14T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\u003c/span\u003e\n\n"
}
],
"value": "\nThis privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T16:22:31.927Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eIn addition to applying security updates, users should follow these general precautions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure that Guest or Anonymous local OS accounts are disabled.\u003c/li\u003e\u003cli\u003eEnsure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA Security Bulletin number AVEVA-2023-003\u003c/a\u003e\u0026nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\"\u003eAlert 000038736.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Operations Control Logger Execution with Unnecessary Privileges ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-33873",
"datePublished": "2023-11-15T16:22:31.927Z",
"dateReserved": "2023-06-13T14:56:36.315Z",
"dateUpdated": "2024-11-21T20:10:00.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28685 (GCVE-0-2022-28685)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:02
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212.
Severity ?
7.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Credits
Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1124/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:01:41.749119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:02:25.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1124/"
},
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-28685",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:02:25.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36969 (GCVE-0-2022-36969)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:43
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394.
Severity ?
5.5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
Credits
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1128/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:43:15.438562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:43:19.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1128/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-36969",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:43:19.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28687 (GCVE-0-2022-28687)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:37
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Credits
Flashback Team: Pedro Ribeiro (@pedrib1337) && Radek Domanski (@RabbitPro)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:51.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1126/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:58:01.415881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:37:10.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Flashback Team: Pedro Ribeiro (@pedrib1337) \u0026\u0026 Radek Domanski (@RabbitPro)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1126/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-28687",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:37:10.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36970 (GCVE-0-2022-36970)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 20:01
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in an APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17370.
Severity ?
7.8 (High)
CWE
- CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
Impacted products
Credits
Aaron Ferber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1129/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:00:58.067630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:01:03.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "20.0 Build: 4201.2111.1802.0000 Service Pack 2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aaron Ferber"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in an APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17370."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1129/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-36970",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-02-18T20:01:03.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28688 (GCVE-0-2022-28688)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:38
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Credits
Daan Keuper & Thijs Alkemade from Computest
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:51.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1127/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:55:32.366287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:38:11.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daan Keuper \u0026 Thijs Alkemade from Computest"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1127/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-28688",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:38:11.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28686 (GCVE-0-2022-28686)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:27
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114. Note that the record's CVSS vector scores this as a local attack (AV:L) that requires user interaction (UI:R); "remote" here appears to describe how the malicious page or file reaches the user, not a network-reachable service.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Credits
Piotr Bazydlo (@chudypb)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:51.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1125/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:00:10.125880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:27:51.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Piotr Bazydlo (@chudypb)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1125/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-28686",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:27:51.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1256 (GCVE-0-2023-1256)
Vulnerability from cvelistv5 – Published: 2023-03-16 18:33 – Updated: 2025-01-16 21:42
Title
CVE-2023-1256
Summary
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
Severity ?
9.8 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVEVA | AVEVA Plant SCADA | Affected: 2023 Update 10 |
| AVEVA | AVEVA Plant SCADA | Affected: 2020R2 Update 10 |
| AVEVA | AVEVA Telemetry Server | Affected: 2020 R2 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:58:54.332556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:42:14.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVEVA Plant SCADA",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023 Update 10"
}
]
},
{
"product": "AVEVA Plant SCADA",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020R2 Update 10"
}
]
},
{
"product": "AVEVA Telemetry Server",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 R2 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-285 Improper Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T18:33:52.907Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1256",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1256"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1256",
"datePublished": "2023-03-16T18:33:52.907Z",
"dateReserved": "2023-03-07T16:15:30.636Z",
"dateUpdated": "2025-01-16T21:42:14.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}