7 matches found
CVE-2023-33873
CVE-2023-33873 describes a local privilege-escalation on AVEVA Operations Control Logger and related AVEVA products (e.g., AVEVA System Platform, Historian, Application Server, InTouch, and more listed in the ICS advisory). The vulnerability allows a local OS-authenticated user with standard priv...
CVE-2023-34982
CVE-2023-34982 affects AVEVA Operations Control Logger (external control of file name or path). A local OS-authenticated user with standard privileges could delete files with System privileges, leading to denial of service. The CVE is discussed across multiple sources (NVD entry and AVEVA/ICS adv...
CVE-2018-17916
Summary: CVE-2018-17916 affects Schneider Electric/AVEVA InduSoft Web Studio (pre-8.1 SP2) and InTouch Edge HMI (pre-2017 SP2). A remote attacker can trigger a stack-based buffer overflow during tag/alarm/event actions (read/write) via a crafted packet, potentially executing arbitrary code with t...
CVE-2021-42796
CVE-2021-42796 affects AVEVA Edge (formerly InduSoft Web Studio) pre-2020 R2. The vulnerability is in the ExecuteCommand() function (stadosvr.exe) and allows unauthenticated arbitrary commands to execute, via improper access control. The issue is documented with a base CVSS v3.1 score of 9.8 (Net...
CVE-2021-42794
AVEVA Edge (formerly InduSoft Web Studio)
CVE-2021-42797
CVE-2021-42797 — AVEVA Edge (formerly InduSoft Web Studio) : Path traversal in AVEVA Edge versions R2020 and prior allows an unauthenticated user to disclose the Windows access token used for external DB resources. Affected product: AVEVA Edge; vulnerable component(s): runtime/installation flow t...
CVE-2018-17914
CVE-2018-17914 affects Schneider Electric InduSoft Web Studio <8.1 SP2 and InTouch Edge HMI