ID CVE-2019-6525
Summary AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.
References
Vulnerable Configurations
  • AVEVA Wonderware System Platform 2014
    cpe:2.3:a:aveva:wonderware_system_platform:2014
  • AVEVA Wonderware System Platform 2017
    cpe:2.3:a:aveva:wonderware_system_platform:2017
  • AVEVA Wonderware System Platform 2017 Update 1
    cpe:2.3:a:aveva:wonderware_system_platform:2017:update_1
  • AVEVA Wonderware System Platform 2017 Update 2
    cpe:2.3:a:aveva:wonderware_system_platform:2017:update_2
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-255
CAPEC
refmap via4
confirm https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec135.pdf
misc https://ics-cert.us-cert.gov/advisories/ICSA-19-029-03
Last major update 11-04-2019 - 17:29
Published 11-04-2019 - 17:29
Last modified 12-04-2019 - 11:29
Back to Top