Lucene search
K
AvevaSystem Platform

9 matches found

CVE
CVE
added 2022/04/04 7:45 p.m.120 views

CVE-2021-32977

CVE-2021-32977 affects AVEVA System Platform versions 2017–2020 R2 P01 and describes improper verification of the cryptographic signature for data. Connected sources corroborate the issue and note the vulnerability’s CVSS context (e.g., CVSS v3 base 7.2 in ICS updates) and that exploitation is no...

7.2CVSS7.2AI score0.00617EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.102 views

CVE-2021-33008

Vulnerability context: CVE-2021-33008 affects AVEVA System Platform versions 2017 through 2020 R2 P01. The root cause is missing authentication for functionality requiring a provable user identity, enabling potential unauthorized access to critical functions. Impact is high (CVE has CVSSv3 base s...

9.8CVSS9.4AI score0.01109EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.97 views

CVE-2021-32981

CVE-2021-32981 affects AVEVA System Platform 2017–2020 R2 P01, where external input used to build a pathname can escape a restricted directory. Root cause: improper neutralization of path elements in the pathname, enabling path traversal (CWE-22). Impact is high for confidentiality, integrity, an...

7.2CVSS7.1AI score0.01162EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.96 views

CVE-2022-0835

AVEVA System Platform 2020 is affected by CVE-2022-0835, which involves cleartext storage of sensitive information in memory. The vulnerability affects AVEVA System Platform 2020, 2020 R2 P01, and 2020 R2S; the underlying issue is that sensitive data (e.g., plaintext credentials) can be stored in...

8.1CVSS6.1AI score0.00166EPSS
CVE
CVE
added 2022/07/27 8:23 p.m.79 views

CVE-2021-38410

CVE-2021-38410 affects AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0 and 4.4.6, vulnerable to DLL hijacking via an uncontrolled search path element. The root cause is search-path manipulation that can allow an attacker to load a malicious DLL from a location sp...

7.8CVSS7.3AI score0.00213EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.78 views

CVE-2021-32985

AVEVA System Platform vulnerabilities CVE-2021-32985 (Origin Validation Error) affect System Platform 2017 through 2020 R2 P01. The issue arises from not properly verifying the source of data or communication, enabling potential compromise of data integrity, confidentiality, and availability. The...

7.2CVSS7.2AI score0.00481EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.75 views

CVE-2021-33010

CVE-2021-33010 concerns AVEVA System Platform. Connected documents confirm an uncaught exception in a function on versions 2017–2020 R2 P01 that may lead to a denial-of-service condition. The Red Hat/RedHat-linked and ICS advisories corroborate this issue as a Denial of Service vulnerability aris...

7.5CVSS7.6AI score0.01028EPSS
CVE
CVE
added 2023/11/15 4:22 p.m.74 views

CVE-2023-33873

CVE-2023-33873 describes a local privilege-escalation on AVEVA Operations Control Logger and related AVEVA products (e.g., AVEVA System Platform, Historian, Application Server, InTouch, and more listed in the ICS advisory). The vulnerability allows a local OS-authenticated user with standard priv...

7.8CVSS7.9AI score0.00236EPSS
CVE
CVE
added 2023/11/15 4:28 p.m.69 views

CVE-2023-34982

CVE-2023-34982 affects AVEVA Operations Control Logger (external control of file name or path). A local OS-authenticated user with standard privileges could delete files with System privileges, leading to denial of service. The CVE is discussed across multiple sources (NVD entry and AVEVA/ICS adv...

7.1CVSS6.1AI score0.00219EPSS