CVE-2021-42796
https://notcve.org/view.php?id=CVE-2021-42796
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. Se descubrió un problema en ExecuteCommand() en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio) que permite ejecutar comandos arbitrarios no autenticados. • https://www.aveva.com/en/products/edge https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-42794
https://notcve.org/view.php?id=CVE-2021-42794
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. Se descubrió un problema en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio). La aplicación permite a un cliente proporcionar una cadena de conexión maliciosa que podría permitir a un adversario escanear puertos de la LAN, dependiendo de las respuestas de los hosts. • https://www.aveva.com/en/products/edge https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf •
CVE-2023-34982 – AVEVA Operations Control Logger External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-34982
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Esta vulnerabilidad de control externo, si se explota, podría permitir que un usuario local autenticado en el sistema operativo con privilegios estándar elimine archivos con privilegios de sistema en la máquina donde están instalados estos productos, lo que resultaría en una denegación de servicio. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-33873 – AVEVA Operations Control Logger Execution with Unnecessary Privileges
https://notcve.org/view.php?id=CVE-2023-33873
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios estándar escale a privilegios del sistema en la máquina donde están instalados estos productos, lo que resulta en un compromiso total de la máquina de destino. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-250: Execution with Unnecessary Privileges •
CVE-2023-36029 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36029
Microsoft Edge (Chromium-based) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Microsoft Edge (Chromium-based) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 https://security.gentoo.org/glsa/202402-05 •