// For flags

CVE-2019-6525

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.

AVEVA Wonderware System Platform 2017 Actualización 2 y anteriores, usan una cuenta de usuario de red ArchestrA para la autenticación de los procesos del sistema y las comunicaciones entre nodos. Un usuario con pocos privilegios podría hacer uso de una API para obtener las credenciales de esta cuenta.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-22 CVE Reserved
  • 2019-04-11 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
  • CWE-522: Insufficiently Protected Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Aveva
Search vendor "Aveva"
Wonderware System Platform
Search vendor "Aveva" for product "Wonderware System Platform"
< 2017
Search vendor "Aveva" for product "Wonderware System Platform" and version " < 2017"
-
Affected
Aveva
Search vendor "Aveva"
Wonderware System Platform
Search vendor "Aveva" for product "Wonderware System Platform"
2017
Search vendor "Aveva" for product "Wonderware System Platform" and version "2017"
-
Affected
Aveva
Search vendor "Aveva"
Wonderware System Platform
Search vendor "Aveva" for product "Wonderware System Platform"
2017
Search vendor "Aveva" for product "Wonderware System Platform" and version "2017"
update_1
Affected
Aveva
Search vendor "Aveva"
Wonderware System Platform
Search vendor "Aveva" for product "Wonderware System Platform"
2017
Search vendor "Aveva" for product "Wonderware System Platform" and version "2017"
update_2
Affected