CVSS: 7.1EPSS: 0%CPEs: 40EXPL: 0CVE-2023-34982 – AVEVA Operations Control Logger External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-34982
15 Nov 2023 — This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Esta vulnerabilidad de control externo, si se explota, podría permitir que un usuario local autenticado en el sistema operativo con privilegios estándar elimine archivos con privilegios de sistema en la máquina donde están instalados estos productos, lo que resultaría en u... • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2023-33873 – AVEVA Operations Control Logger Execution with Unnecessary Privileges
https://notcve.org/view.php?id=CVE-2023-33873
15 Nov 2023 — This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios estándar escale a privilegios del sistema en la máquina donde están instalados estos productos, ... • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-38410 – AVEVA PCS Portal Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2021-38410
27 Jul 2022 — AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. AVEVA Software Platform Common Services (PCS) Portal versiones 4.5.2, 4.5.1, 4.5.0 y 4.4.6, son vulnerables a un secuestro de DLL mediante un elemento de ruta de búsqueda no controlado, que puede permitir a un atacante el control de una o más ubicaciones en la ... • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0835 – AVEVA System Platform Cleartext Storage of Sensitive Information in Memory
https://notcve.org/view.php?id=CVE-2022-0835
11 Apr 2022 — AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. AVEVA System Platform versión 2020, almacena información confidencial en texto sin cifrar, lo que puede permitir el acceso a un atacante o a un usuario con pocos privilegios • https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33008 – AVEVA System Platform Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2021-33008
04 Apr 2022 — AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. AVEVA System Platform versiones 2017 hasta 2020 R2 P01, no llevan a cabo ninguna autenticación para la funcionalidad que requiere una identidad de usuario demostrable • https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32981 – AVEVA System Platform Path Traversal
https://notcve.org/view.php?id=CVE-2021-32981
04 Apr 2022 — AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. AVEVA System Platform versiones 2017 hasta 2020 R2 P01, usa una entrada externa para construir un nombre de ruta que pretend... • https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32985 – AVEVA System Platform Origin Validation Error
https://notcve.org/view.php?id=CVE-2021-32985
04 Apr 2022 — AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. AVEVA System Platform versiones 2017 hasta 2020 R2 P01, no comprueba correctamente que la fuente de datos o comunicación sea válida • https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf • CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33010 – AVEVA System Platform Uncaught Exception
https://notcve.org/view.php?id=CVE-2021-33010
04 Apr 2022 — An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. Se lanza una excepción desde una función en AVEVA System Platform versiones 2017 hasta 2020 R2 P01, pero no es atrapada, lo que puede causar una condición de denegación de servicio • https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf • CWE-248: Uncaught Exception •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32977 – AVEVA System Platform Improper Verification of Cryptographic Signature
https://notcve.org/view.php?id=CVE-2021-32977
04 Apr 2022 — AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. AVEVA System Platform versiones 2017 hasta 2020 R2 P01, no verifica, o verifica incorrectamente, la firma criptográfica de los datos • https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6525
https://notcve.org/view.php?id=CVE-2019-6525
11 Apr 2019 — AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. AVEVA Wonderware System Platform 2017 Actualización 2 y anteriores, usan una cuenta de usuario de red ArchestrA para la autenticación de los procesos del sistema y las comunicaciones entre nodos. Un usuario con pocos privilegios podría hacer uso de u... • https://ics-cert.us-cert.gov/advisories/ICSA-19-029-03 • CWE-269: Improper Privilege Management CWE-522: Insufficiently Protected Credentials •