16 matches found
EUVD-2023-23525
Malicious code in bioql PyPI...
The vulnerability of the AVEVA Plant SCADA system and the AVEVA Telemetry Server, caused by deficiencies in authentication procedures, allows an intruder to trigger a service failure.
The vulnerabilities of the AVEVA Plant SCADA system and the AVEVA Telemetry Server are due to deficiencies in the authentication process. Exploiting these vulnerabilities allows a malicious actor, who may act remotely without having undergone identity verification, to cause service failures...
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to errors in processing the relative path to the directory, allows a hacker to gain read access to files located outside the protected web server.
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere lies in errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor to gain read access to files located outside the protected web...
CVE-2023-1256
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
CVE-2023-1256
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
CVE-2023-1256
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
CVE-2023-1256
CVE-2023-1256 affects AVEVA Plant SCADA and AVEVA Telemetry Server with an improper authorization (CWE-285) vulnerability. An unauthenticated remote attacker could read data, cause DoS, and tamper with alarm states. Affected products/versions include AVEVA Plant SCADA (2023, 2020R2 Update 10 and ...
CVE-2023-1256
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
AVEVA Plant SCADA Access Anywhere Authorization Issue Vulnerability
AVEVA Plant SCADA Access Anywhere is a reliable, flexible and high-performance Supervisory Control and Data Acquisition SCADA software solution for industrial process customers from AVEVA. The true value and power of Plant SCADA can be accessed in any compatible web browser. An authorization issu...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...
CVE-2022-1467
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
Command injection
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...
CVE-2022-1467
CVE-2022-1467 affects AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere (all versions). The root cause is a Windows language bar overlay that can be manipulated to launch an OS command prompt from within the browser, creating a context-escape from the hosted application to the O...
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to the disclosure of information in the error data area, allows an intruder to execute arbitrary OS commands.
The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere relates to the disclosure of information in the error area of data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary OS commands remotely...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability...