Lucene search
+L
AvevaAveva Edge

10 matches found

cve
cve
added 2015/03/29 10:0 a.m.71 views

CVE-2015-0996

CVE-2015-0996 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). Root cause is a hard-coded, cleartext password used to control read access to Project files and Project Configuration files, enabling local atta...

2.1CVSS5.8AI score0.00372EPSS
cve
cve
added 2015/03/29 10:0 a.m.67 views

CVE-2015-0997

Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4) expose an authentication flaw: the HMI UI lists all valid usernames, enabling remote brute-force access. Root cause involves use of hard-coded/cleartext credentials in...

5CVSS6.6AI score0.02383EPSS
cve
cve
added 2015/03/29 10:0 a.m.63 views

CVE-2015-0999

The CVE-2015-0999 issue affects Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4, where OPC User credentials are stored in cleartext in configuration files. This enables local attackers with access to read the files to o...

2.1CVSS5.8AI score0.00372EPSS
cve
cve
added 2015/03/29 10:0 a.m.62 views

CVE-2015-0998

CVE-2015-0998 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). The issue is cleartext transmission of credentials (CWE-319), enabling an attacker on an adjacent network to sniff sensitive information. Root c...

3.3CVSS6.3AI score0.00774EPSS
cve
cve
added 2023/03/29 12:0 a.m.55 views

CVE-2022-28685

AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000) is affected by CVE-2022-28685, a Deserialization of untrusted data vulnerability in the APP file parsing path. The flaw arises from inadequate validation of user-supplied data, enabling arbitrary code execution when a victim opens a malicious APP ...

7.8CVSS7.8AI score0.17157EPSS
cve
cve
added 2023/03/29 12:0 a.m.54 views

CVE-2022-28688

CVE-2022-28688 affects AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). The flaw is in how APP files are handled: the process loads a library from an unsecured location, enabling arbitrary code execution when a user visits a malicious page or opens a crafted file. Exploitation requires user int...

7.8CVSS7.8AI score0.00652EPSS
cve
cve
added 2023/03/29 12:0 a.m.50 views

CVE-2022-28687

The CVE-2022-28687 entry covers AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). The described issue is in APP file handling where the process loads a library from an unsecured location, enabling arbitrary code execution in the context of the current process after user interaction (visiting a m...

7.8CVSS7.8AI score0.00979EPSS
cve
cve
added 2023/03/29 12:0 a.m.50 views

CVE-2022-36969

CVE-2022-36969 affects AVEVA Edge 2020 R2 SP1 and earlier, exploiting an XXE flaw in LoadImportedLibraries that allows an attacker to disclose sensitive information within the current process. Technical details across sources consistently identify the flaw as improper restriction of XML External ...

7.1CVSS5.6AI score0.13681EPSS
cve
cve
added 2023/03/29 12:0 a.m.46 views

CVE-2022-28686

Affected product: AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). Vulnerability in APP file handling where the process loads a library from an unsecured location, enabling arbitrary code execution with the user’s context after user interaction (malicious page/file). CVSS 3.1/3.0 base score 7.8...

7.8CVSS7.8AI score0.00647EPSS
cve
cve
added 2023/03/29 12:0 a.m.44 views

CVE-2022-36970

CVE-2022-36970 affects AVEVA Edge 20.0 Build 4201.2111.1802.0000 Service Pack 2. The flaw lies in the processing of APP files, where crafted APP data can cause the application to execute arbitrary Visual Basic scripts. User interaction is required (visiting a malicious page or opening a malicious...

7.8CVSS7.8AI score0.00647EPSS