Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Aveva Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42797 1 Aveva 1 Edge 2023-12-20 N/A 7.5 HIGH
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
CVE-2023-34982 1 Aveva 13 Batch Management, Communication Drivers, Edge and 10 more 2023-12-08 N/A 7.1 HIGH
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
CVE-2023-33873 1 Aveva 13 Batch Management, Communication Drivers, Edge and 10 more 2023-12-08 N/A 7.8 HIGH
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
CVE-2021-32971 1 Aveva 1 Suitelink 2021-10-01 5.0 MEDIUM 7.5 HIGH
Null pointer dereference in SuiteLink server while processing command 0x07
CVE-2021-32963 1 Aveva 1 Suitelink 2021-10-01 5.0 MEDIUM 7.5 HIGH
Null pointer dereference in SuiteLink server while processing commands 0x03/0x10
CVE-2021-32979 1 Aveva 1 Suitelink 2021-10-01 5.0 MEDIUM 7.5 HIGH
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
CVE-2021-32987 1 Aveva 1 Suitelink 2021-10-01 5.0 MEDIUM 7.5 HIGH
Null pointer dereference in SuiteLink server while processing command 0x0b
CVE-2021-32999 1 Aveva 1 Suitelink 2021-10-01 5.0 MEDIUM 7.5 HIGH
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01
CVE-2017-5156 1 Aveva 1 Wonderware Intouch Access Anywhere 2021-09-09 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
CVE-2019-6525 1 Aveva 1 Wonderware System Platform 2020-10-16 4.0 MEDIUM 8.8 HIGH
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.
CVE-2019-13537 1 Aveva 2 Iec870ip, Iec870ip Firmware 2020-02-10 5.0 MEDIUM 7.5 HIGH
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.
CVE-2017-6021 2 Aveva, Schneider-electric 2 Clearscada, Clearscada 2019-10-09 5.0 MEDIUM 7.5 HIGH
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2017-9962 1 Aveva 1 Clearscada 2018-12-31 5.0 MEDIUM 7.5 HIGH
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.