cvelistv5 - cve-2025-9317

CVE-2025-9317 (GCVE-0-2025-9317)

Vulnerability from cvelistv5

Published

2025-11-14 23:49

Modified

2025-11-17 16:55

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
8.3 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

CWE

CWE-327

Summary

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.

References

URL

Tags

	ics-cert@hq.dhs.gov	https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json
	ics-cert@hq.dhs.gov	https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf
	ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03

Impacted products

	Vendor	Product	Version
	AVEVA	Edge	Version: 0 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9317",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T16:55:08.051296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-17T16:55:20.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Edge",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "Versions 2023 R2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joao Varelas reported this vulnerability to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
            }
          ],
          "value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-14T23:49:27.149Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\u003c/p\u003e\n\u003cp\u003eUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply AVEVA Edge \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9\"\u003e2023 R2 P01\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e Security Update and migrate old project files.\u003c/li\u003e\n\u003cli\u003eFor projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\u003c/li\u003e\n\u003cli\u003eRequire AVEVA Edge users to change their passwords.\u003c/li\u003e\n\u003cli\u003eImportant: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\u003c/li\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\nFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e.\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "AVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\n\n\nUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\n\n\n\n  *  Apply AVEVA Edge  2023 R2 P01 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9 \n\n\n  *   Security Update and migrate old project files.\n\n  *  For projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\n\n  *  Require AVEVA Edge users to change their passwords.\n\n  *  Important: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\n  *  \n\n\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ .For more information, see AVEVA\u0027s Security Bulletin  AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s  bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-25-317-03",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAccess Control Lists should be applied to all folders where users will save and load project files.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\u003c/li\u003e\n\u003cli\u003eApply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u0026gt; Project Overview \u0026gt; Configuring Additional \nProject Settings \u0026gt; Options Tab \u0026gt; Data Protection.\u003c/li\u003e\n\u003cli\u003eIf passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u0026gt; Tags and the \nTag Database \u0026gt; About Tags and the Project Database.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "The following general defensive measures are recommended:\n\n\n\n  *  Access Control Lists should be applied to all folders where users will save and load project files.\n\n  *  Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\n\n  *  Apply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u003e Project Overview \u003e Configuring Additional \nProject Settings \u003e Options Tab \u003e Data Protection.\n\n  *  If passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u003e Tags and the \nTag Database \u003e About Tags and the Project Database.\n\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0.\n\nFor more information, see AVEVA\u0027s Security Bulletin  AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s  bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-9317",
    "datePublished": "2025-11-14T23:49:27.149Z",
    "dateReserved": "2025-08-21T12:45:22.693Z",
    "dateUpdated": "2025-11-17T16:55:20.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9317\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-11-15T00:15:48.503\",\"lastModified\":\"2025-11-15T00:15:48.503\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability, if exploited, could allow a miscreant with read \\naccess to Edge Project files or Edge Offline Cache files to reverse \\nengineer Edge users\u0027 app-native or Active Directory passwords through \\ncomputational brute-forcing of weak hashes.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"references\":[{\"url\":\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Edge\", \"vendor\": \"AVEVA\", \"versions\": [{\"lessThanOrEqual\": \"Versions 2023 R2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Joao Varelas reported this vulnerability to AVEVA.\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"The vulnerability, if exploited, could allow a miscreant with read \\naccess to Edge Project files or Edge Offline Cache files to reverse \\nengineer Edge users\u0027 app-native or Active Directory passwords through \\ncomputational brute-forcing of weak hashes.\"}], \"value\": \"The vulnerability, if exploited, could allow a miscreant with read \\naccess to Edge Project files or Edge Offline Cache files to reverse \\nengineer Edge users\u0027 app-native or Active Directory passwords through \\ncomputational brute-forcing of weak hashes.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"cvssV4_0\": {\"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"NOT_DEFINED\", \"Safety\": \"NOT_DEFINED\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"attackVector\": \"LOCAL\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"privilegesRequired\": \"LOW\", \"providerUrgency\": \"NOT_DEFINED\", \"subAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N\", \"version\": \"4.0\", \"vulnAvailabilityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-327\", \"description\": \"CWE-327\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-11-14T23:49:27.149Z\"}, \"references\": [{\"url\": \"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this \\nvulnerability based on their operational environment, architecture, and \\nproduct implementation.\u003c/p\u003e\\n\u003cp\u003eUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eApply AVEVA Edge \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9\\\"\u003e2023 R2 P01\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e Security Update and migrate old project files.\u003c/li\u003e\\n\u003cli\u003eFor projects that cannot be migrated (e.g. backups or transient \\ncopies), evaluate the risk of potential password leakage from these \\nfiles and implement stricter read access controls to protect these \\nunsafe files.\u003c/li\u003e\\n\u003cli\u003eRequire AVEVA Edge users to change their passwords.\u003c/li\u003e\\n\u003cli\u003eImportant: Edge project migration from older versions to 2023 R2 P01\\n is one-way due to the change in password hashing algorithms.\u003c/li\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\\nFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support/support-contact/\\\"\u003eAVEVA Customer Support\u003c/a\u003e.\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\\\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003ebulletins page\u003c/a\u003e.\\n\\n\u003cbr\u003e\u003c/p\u003e\"}], \"value\": \"AVEVA recommends that organizations evaluate the impact of this \\nvulnerability based on their operational environment, architecture, and \\nproduct implementation.\\n\\n\\nUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\\n\\n\\n\\n  *  Apply AVEVA Edge  2023 R2 P01 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9 \\n\\n\\n  *   Security Update and migrate old project files.\\n\\n  *  For projects that cannot be migrated (e.g. backups or transient \\ncopies), evaluate the risk of potential password leakage from these \\nfiles and implement stricter read access controls to protect these \\nunsafe files.\\n\\n  *  Require AVEVA Edge users to change their passwords.\\n\\n  *  Important: Edge project migration from older versions to 2023 R2 P01\\n is one-way due to the change in password hashing algorithms.\\n  *  \\n\\n\\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ .For more information, see AVEVA\u0027s Security Bulletin  AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \\u00a0or AVEVA\u0027s  bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ .\"}], \"source\": {\"advisory\": \"ICSA-25-317-03\", \"discovery\": \"EXTERNAL\"}, \"title\": \"AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm\", \"workarounds\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eAccess Control Lists should be applied to all folders where users will save and load project files.\u003c/li\u003e\\n\u003cli\u003eMaintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\u003c/li\u003e\\n\u003cli\u003eApply data-protection at the project level with a strong master \\npassword. For configuration step-by-step refer to AVEVA Edge \\\"Technical \\nReference Manual\\\" \u0026gt; Project Overview \u0026gt; Configuring Additional \\nProject Settings \u0026gt; Options Tab \u0026gt; Data Protection.\u003c/li\u003e\\n\u003cli\u003eIf passwords are being used as function parameters inside project \\ndocuments (such as scripts or worksheets), it is recommended to remove \\nthose passwords and use project tags instead. For more information on \\ntags refer to AVEVA Edge \\\"Technical Reference Manual\\\" \u0026gt; Tags and the \\nTag Database \u0026gt; About Tags and the Project Database.\u003c/li\u003e\\n\u003c/ul\u003e\u003cp\u003eFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support/support-contact/\\\"\u003eAVEVA Customer Support\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\\\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003ebulletins page\u003c/a\u003e.\\n\\n\u003cbr\u003e\u003c/p\u003e\"}], \"value\": \"The following general defensive measures are recommended:\\n\\n\\n\\n  *  Access Control Lists should be applied to all folders where users will save and load project files.\\n\\n  *  Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\\n\\n  *  Apply data-protection at the project level with a strong master \\npassword. For configuration step-by-step refer to AVEVA Edge \\\"Technical \\nReference Manual\\\" \u003e Project Overview \u003e Configuring Additional \\nProject Settings \u003e Options Tab \u003e Data Protection.\\n\\n  *  If passwords are being used as function parameters inside project \\ndocuments (such as scripts or worksheets), it is recommended to remove \\nthose passwords and use project tags instead. For more information on \\ntags refer to AVEVA Edge \\\"Technical Reference Manual\\\" \u003e Tags and the \\nTag Database \u003e About Tags and the Project Database.\\n\\n\\n\\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ \\u00a0.\\n\\nFor more information, see AVEVA\u0027s Security Bulletin  AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \\u00a0or AVEVA\u0027s  bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ .\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9317\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-17T16:55:08.051296Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-17T16:55:15.915Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9317\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"icscert\", \"dateReserved\": \"2025-08-21T12:45:22.693Z\", \"datePublished\": \"2025-11-14T23:49:27.149Z\", \"dateUpdated\": \"2025-11-17T16:55:20.081Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

fkie_cve-2025-9317

Vulnerability from fkie_nvd

Published

2025-11-15 00:15

Modified

2025-11-15 00:15

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json
	ics-cert@hq.dhs.gov	https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf
	ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
    }
  ],
  "id": "CVE-2025-9317",
  "lastModified": "2025-11-15T00:15:48.503",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 5.8,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-15T00:15:48.503",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    }
  ]
}

ghsa-hgj3-cggc-7jc2

Vulnerability from github

Published

2025-11-15 00:30

Modified

2025-11-15 00:30

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
8.3 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-9317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-15T00:15:48Z",
    "severity": "HIGH"
  },
  "details": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes.",
  "id": "GHSA-hgj3-cggc-7jc2",
  "modified": "2025-11-15T00:30:27Z",
  "published": "2025-11-15T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
    },
    {
      "type": "WEB",
      "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2025-AVI-0986

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Schneider Electric EcoStruxure. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Schneider Electric	EcoStruxure	EcoStruxure Machine SCADA Expert versions antérieures à 2023.1 Patch 1

References

Title

Publication Time

icsa-25-317-03

Vulnerability from csaf_cisa

Published

2025-11-13 07:00

Modified

2025-11-13 07:00

Summary

AVEVA Edge

Notes

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Risk evaluation

Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United Kingdom

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Do not click web links or open attachments in unsolicited email messages.

Recommended Practices

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Joao Varelas"
        ],
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United Kingdom",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-317-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-25-317-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
      }
    ],
    "title": "AVEVA Edge",
    "tracking": {
      "current_release_date": "2025-11-13T07:00:00.000000Z",
      "generator": {
        "date": "2025-11-13T15:08:41.425721Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-317-03",
      "initial_release_date": "2025-11-13T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2025-11-13T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=2023_R2",
                "product": {
                  "name": "AVEVA Edge: \u003c=2023_R2",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Edge"
          }
        ],
        "category": "vendor",
        "name": "AVEVA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9317",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users\u0027 app-native or Active Directory passwords through computational brute-forcing of weak hashes.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9317"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users using the affected product versions should take the following actions to mitigate the risk of exploit:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply AVEVA Edge 2023 R2 P01  Security Update and migrate old project files.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9"
        },
        {
          "category": "mitigation",
          "details": "For projects that cannot be migrated (e.g. backups or transient copies), evaluate the risk of potential password leakage from these files and implement stricter read access controls to protect these unsafe files.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Require AVEVA Edge users to change their passwords.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Important: Edge project migration from older versions to 2023 R2 P01 is one-way due to the change in password hashing algorithms.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following general defensive measures are recommended:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Access Control Lists should be applied to all folders where users will save and load project files.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply data-protection at the project level with a strong master password. For configuration step-by-step refer to AVEVA Edge \"Technical Reference Manual\" \u003e Project Overview \u003e Configuring Additional Project Settings \u003e Options Tab \u003e Data Protection.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "If passwords are being used as function parameters inside project documents (such as scripts or worksheets), it is recommended to remove those passwords and use project tags instead. For more information on tags refer to AVEVA Edge \"Technical Reference Manual\" \u003e Tags and the Tag Database \u003e About Tags and the Project Database.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support/support-contact/"
        },
        {
          "category": "mitigation",
          "details": "For more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-006 or AVEVA\u0027s bulletins page.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
        },
        {
          "category": "mitigation",
          "details": "For more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-006 or AVEVA\u0027s bulletins page.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-9317 (GCVE-0-2025-9317)

Vulnerability from cvelistv5

fkie_cve-2025-9317

Vulnerability from fkie_nvd

ghsa-hgj3-cggc-7jc2

Vulnerability from github

CERTFR-2025-AVI-0986

Vulnerability from certfr_avis

Solutions

icsa-25-317-03

Vulnerability from csaf_cisa

Tags

Sightings

Nomenclature