CVE-2022-0835 (GCVE-0-2022-0835)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:38 – Updated: 2025-04-16 17:56
VLAI
EPSS
VEX
Title
AVEVA System Platform Cleartext Storage of Sensitive Information in Memory
Summary
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://www.aveva.com/content/dam/aveva/documents… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AVEVA | AVEVA System Platform |
Affected:
5.59 2020 R2 P01
Affected: 2020 R2S Affected: 2020 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:29:59.891448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:56:24.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVEVA System Platform",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "5.59 2020 R2 P01"
},
{
"status": "affected",
"version": "2020 R2S"
},
{
"status": "affected",
"version": "2020"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty and Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"value": "AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316: Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:38:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "AVEVA recommends users of affected versions upgrade to one of the versions listed below and apply the corresponding security update:\n\u2022\tAVEVA System Platform 2020 R2 P01 and AVEVA System Platform 2020 R2: update to AVEVA System Platform 2020 R2 SP1\n\u2022\tAVEVA System Platform 2020: update to AVEVA System Platform 2020 P01\n\nFor more information on this issue, including security updates, please see Security Bulletin AVEVA-2021-007\n"
}
],
"source": {
"advisory": "ICSA-22-067-02",
"discovery": "EXTERNAL"
},
"title": "AVEVA System Platform Cleartext Storage of Sensitive Information in Memory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-0835",
"STATE": "PUBLIC",
"TITLE": "AVEVA System Platform Cleartext Storage of Sensitive Information in Memory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AVEVA System Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.59",
"version_value": "2020 R2 P01"
},
{
"version_value": "2020 R2S"
},
{
"version_value": "2020"
}
]
}
}
]
},
"vendor_name": "AVEVA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty and Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-316: Cleartext Storage of Sensitive Information in Memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02"
},
{
"name": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf",
"refsource": "CONFIRM",
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "AVEVA recommends users of affected versions upgrade to one of the versions listed below and apply the corresponding security update:\n\u2022\tAVEVA System Platform 2020 R2 P01 and AVEVA System Platform 2020 R2: update to AVEVA System Platform 2020 R2 SP1\n\u2022\tAVEVA System Platform 2020: update to AVEVA System Platform 2020 P01\n\nFor more information on this issue, including security updates, please see Security Bulletin AVEVA-2021-007\n"
}
],
"source": {
"advisory": "ICSA-22-067-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-0835",
"datePublished": "2022-04-11T19:38:30.000Z",
"dateReserved": "2022-03-02T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:56:24.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-0835",
"date": "2026-07-10",
"epss": "0.00166",
"percentile": "0.06126"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47F4B07-B67F-4855-AED2-D17B0E76FA8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:aveva:system_platform:2020:r2_patch01:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F27FDBD-1469-4E27-BB80-81D6C80CECF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:aveva:system_platform:2020:r2s:*:*:*:*:*:*\", \"matchCriteriaId\": \"5153D135-6C47-4980-BEB2-A14531F9476B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.\"}, {\"lang\": \"es\", \"value\": \"AVEVA System Platform versi\\u00f3n 2020, almacena informaci\\u00f3n confidencial en texto sin cifrar, lo que puede permitir el acceso a un atacante o a un usuario con pocos privilegios\"}]",
"id": "CVE-2022-0835",
"lastModified": "2024-11-21T06:39:29.600",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 1.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-04-11T20:15:16.540",
"references": "[{\"url\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-316\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-312\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-0835\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-04-11T20:15:16.540\",\"lastModified\":\"2026-06-17T04:21:20.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.\"},{\"lang\":\"es\",\"value\":\"AVEVA System Platform versi\u00f3n 2020, almacena informaci\u00f3n confidencial en texto sin cifrar, lo que puede permitir el acceso a un atacante o a un usuario con pocos privilegios\"}],\"affected\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"affectedData\":[{\"vendor\":\"AVEVA\",\"product\":\"AVEVA System Platform\",\"versions\":[{\"version\":\"5.59 2020 R2 P01\",\"status\":\"affected\"},{\"version\":\"2020 R2S\",\"status\":\"affected\"},{\"version\":\"2020\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-04-16T17:29:59.891448Z\",\"id\":\"CVE-2022-0835\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-316\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47F4B07-B67F-4855-AED2-D17B0E76FA8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:system_platform:2020:r2_patch01:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F27FDBD-1469-4E27-BB80-81D6C80CECF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:system_platform:2020:r2s:*:*:*:*:*:*\",\"matchCriteriaId\":\"5153D135-6C47-4980-BEB2-A14531F9476B\"}]}]}],\"references\":[{\"url\":\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:40:04.450Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-0835\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T17:29:59.891448Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T17:30:01.856Z\"}}], \"cna\": {\"title\": \"AVEVA System Platform Cleartext Storage of Sensitive Information in Memory\", \"source\": {\"advisory\": \"ICSA-22-067-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Noam Moshe of Claroty and Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"AVEVA\", \"product\": \"AVEVA System Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.59 2020 R2 P01\"}, {\"status\": \"affected\", \"version\": \"2020 R2S\"}, {\"status\": \"affected\", \"version\": \"2020\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"AVEVA recommends users of affected versions upgrade to one of the versions listed below and apply the corresponding security update:\\n\\u2022\\tAVEVA System Platform 2020 R2 P01 and AVEVA System Platform 2020 R2: update to AVEVA System Platform 2020 R2 SP1\\n\\u2022\\tAVEVA System Platform 2020: update to AVEVA System Platform 2020 P01\\n\\nFor more information on this issue, including security updates, please see Security Bulletin AVEVA-2021-007\\n\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-316\", \"description\": \"CWE-316: Cleartext Storage of Sensitive Information in Memory\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-04-11T19:38:30.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Noam Moshe of Claroty and Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA.\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"ICSA-22-067-02\", \"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"5.59\", \"version_value\": \"2020 R2 P01\", \"version_affected\": \"=\"}, {\"version_value\": \"2020 R2S\"}, {\"version_value\": \"2020\"}]}, \"product_name\": \"AVEVA System Platform\"}]}, \"vendor_name\": \"AVEVA\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"AVEVA recommends users of affected versions upgrade to one of the versions listed below and apply the corresponding security update:\\n\\u2022\\tAVEVA System Platform 2020 R2 P01 and AVEVA System Platform 2020 R2: update to AVEVA System Platform 2020 R2 SP1\\n\\u2022\\tAVEVA System Platform 2020: update to AVEVA System Platform 2020 P01\\n\\nFor more information on this issue, including security updates, please see Security Bulletin AVEVA-2021-007\\n\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\", \"name\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-316: Cleartext Storage of Sensitive Information in Memory\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-0835\", \"STATE\": \"PUBLIC\", \"TITLE\": \"AVEVA System Platform Cleartext Storage of Sensitive Information in Memory\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-0835\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T17:56:24.023Z\", \"dateReserved\": \"2022-03-02T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-04-11T19:38:30.000Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…