The vulnerability in the AVEVA (Wonderware) Historian web server’s data archiving mechanism involves a lack of protection for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of AVEVA Wonderware Historian’s data archiving server is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user specifically visits a specially crafted U...