AVEVA PI to CONNECT Agent

RISK EVALUATION Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

EUVD-2021-24862

Malware in sbrugna...

CVE-2021-38410

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

Unspecified Vulnerability in AVEVA Edge

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA Software UK. A security vulnerability exists in AVEVA Edge 2020 R2 and prior versions that can be exploited by an attacker to potentially compromise the confidentiality, availability or integrity of the system. Details of...

AVEVA Edge has an information disclosure vulnerability

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...

AVEVA Edge DLL Hijacking Vulnerability

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA Software UK. A DLL hijacking vulnerability exists in AVEVA Edge 2020 R and prior versions, which could be exploited by an attacker to compromise the confidentiality, availability or integrity of a system. Details of the...

CVE-2021-38410

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

Path traversal

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

CVE-2021-38410 AVEVA PCS Portal Uncontrolled Search Path Element

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

Schneider Electric Floating License Manager ICSA-19-192-07 Multiple Security Vulnerabilities

Description Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable. Technologies Affected...

Unspecified Vulnerability in AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI

AVEVA Group plc InduSoft Web Studio is a suite of industrial configuration software from AVEVA Group plc, UK. A security vulnerability exists in AVEVA Group plc InduSoft Web Studio versions prior to 8.1 SP3 and prior to InTouch Edge HMI 2017 Update. An attacker could exploit the vulnerability to...

Code injection

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...

CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...

CVE-2019-6545

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...

CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...