Lucene search
K

241 matches found

Positive Technologies
Positive Technologies
added 2021/06/09 12:0 a.m.4 views

PT-2021-19988 · Aveva · Aveva Intouch Runtime

Name of the Vulnerable Software and Affected Versions: AVEVA InTouch Runtime versions prior to 2020 R2 Description: The issue could expose cleartext credentials if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location...

6.6CVSS5.7AI score0.0018EPSS
Exploits0References3
ICS
ICS
added 2021/06/08 12:0 a.m.57 views

AVEVA InTouch

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: AVEVA Software, LLC Equipment: InTouch 2020 R2 and all prior versions Vulnerability: Clear Text Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could expose...

6.6CVSS6.1AI score0.0018EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.5 views

The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems, related to buffer overflow in the stack, allows a malicious actor to trigger an emergency shutdown of the system.

The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch SCADA systems is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to reassign the return address and trigger an emergency shutdown using a specially craft...

2.9CVSS5.9AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.4 views

The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems, related to buffer overflow in the queue, allows a malicious actor to trigger an emergency shutdown of the system.

The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to cause an emergency shutdown of the system using a specially crafted file...

2.9CVSS5.9AI score
Exploits0Affected Software1
0day.today
0day.today
added 2019/11/26 12:0 a.m.88 views

InTouch Machine Edition 8.1 SP1 - (Atributos) Denial of Service Exploit

Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Vendor Homepage: https://on.wonderware.com/ Software Link : https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS Local Tested on...

Exploits0
exploitpack
exploitpack
added 2019/11/25 12:0 a.m.40 views

InTouch Machine Edition 8.1 SP1 - Atributos Denial of Service (PoC)

InTouch Machine Edition 8.1 SP1 - Atributos Denial of Service PoC Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Discovery Date: 12019-11-16 Vendor Homepage: https://on.wonderware.com/ Software Link :...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/25 12:0 a.m.345 views

InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)

Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Discovery Date: 12019-11-16 Vendor Homepage: https://on.wonderware.com/ Software Link : https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Denial of...

7AI score
Exploits0
ICS
ICS
added 2019/03/19 12:0 a.m.175 views

AVEVA InduSoft Web Studio and InTouch Edge HMI

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: InduSoft Web Studio, InTouch Edge HMI Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow execution of unauthorized code or...

7.8CVSS8AI score0.01532EPSS
Exploits0References5
CNVD
CNVD
added 2019/02/15 12:0 a.m.11 views

Unspecified Vulnerability in AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI (CNVD-2019-43392)

AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI are both products of AVEVA Group plc, UK.InduSoft Web Studio is a suite of industrial configuration software.InTouch Edge HMI is a scalable HMI application. A security vulnerability exists in AVEVA Group plc InduSoft Web Studio versions pri...

7.5CVSS7.3AI score0.13858EPSS
Exploits5References1
CNVD
CNVD
added 2019/02/15 12:0 a.m.15 views

Unspecified Vulnerability in AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI

AVEVA Group plc InduSoft Web Studio is a suite of industrial configuration software from AVEVA Group plc, UK. A security vulnerability exists in AVEVA Group plc InduSoft Web Studio versions prior to 8.1 SP3 and prior to InTouch Edge HMI 2017 Update. An attacker could exploit the vulnerability to...

10CVSS6.9AI score0.17287EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2019/02/14 12:0 a.m.49 views

AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE

Binary data scadaavevaiwsitehcmd66rce.nbin...

10CVSS7.3AI score0.17287EPSS
Exploits6References3
OSV
OSV
added 2019/02/13 1:29 a.m.4 views

CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...

9.8CVSS7.3AI score0.17287EPSS
Exploits5References3
Prion
Prion
added 2019/02/13 1:29 a.m.12 views

Code injection

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...

10CVSS9.4AI score0.17287EPSS
Exploits5References3Affected Software2
NVD
NVD
added 2019/02/13 1:29 a.m.14 views

CVE-2019-6545

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...

7.5CVSS8.2AI score0.13858EPSS
Exploits5References3
OSV
OSV
added 2019/02/13 1:29 a.m.3 views

CVE-2019-6545

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...

7.5CVSS7.4AI score0.13858EPSS
Exploits5References3
NVD
NVD
added 2019/02/13 1:29 a.m.26 views

CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...

10CVSS9.6AI score0.17287EPSS
Exploits5References3
Cvelist
Cvelist
added 2019/02/13 1:0 a.m.31 views

CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...

9.6AI score0.17287EPSS
Exploits5References3
CVE
CVE
added 2019/02/13 1:0 a.m.94 views

CVE-2019-6543

Summary: CVE-2019-6543 affects AVEVA InduSoft Web Studio versions before 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) before 2017 Update. The flaw allows code to be executed with program runtime privileges due to missing authentication for a critical function (and related resou...

10CVSS9.4AI score0.17287EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2019/02/13 1:0 a.m.26 views

CVE-2019-6545

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...

8.2AI score0.13858EPSS
Exploits5References3
CVE
CVE
added 2019/02/13 1:0 a.m.114 views

CVE-2019-6545

CVE-2019-6545 affects AVEVA InduSoft Web Studio prior to 8.1 SP3 and InTouch Edge HMI prior to 2017 Update. An unauthenticated remote attacker can trigger arbitrary process execution on the server by supplying a specially crafted database connection configuration file. Public sources document a r...

7.5CVSS8.7AI score0.13858EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder