ID CVE-2019-6525
Summary AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.
References
Vulnerable Configurations
  • cpe:2.3:a:aveva:wonderware_system_platform:2014:*:*:*:*:*:*:*
  • cpe:2.3:a:aveva:wonderware_system_platform:2017:-:*:*:*:*:*:*
  • cpe:2.3:a:aveva:wonderware_system_platform:2017:update_1:*:*:*:*:*:*
  • cpe:2.3:a:aveva:wonderware_system_platform:2017:update_2:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 12-04-2019 - 15:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW SINGLE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
confirm https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec135.pdf
misc https://ics-cert.us-cert.gov/advisories/ICSA-19-029-03
Last major update 12-04-2019 - 15:29
Published 11-04-2019 - 21:29