Design/Logic Flaw

2021-06-0917:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

CPENameOperatorVersion
intouch_2017eq- update3
intouch_2020eq2.0.114

CPE	Name	Operator	Version
	intouch_2017	eq	- update3
	intouch_2020	eq	2.0.114

References

us-cert.cisa.gov/ics/advisories/icsa-21-159-03

www.aveva.com/en/support/cyber-security-updates/