Vulnerabilities > CVE-2019-13537 - Out-of-bounds Write vulnerability in Aveva Iec870Ip Firmware 4.14.02

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

aveva

CWE-787

NVD

Published: 2020-01-14

Updated: 2020-02-10

Summary

The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.

Vulnerable Configurations

Part	Description	Count
OS	Aveva Aveva Iec870Ip Firmware 4.14.02	1
Hardware	Aveva Aveva Iec870Ip -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.us-cert.gov/ics/advisories/icsa-19-290-01
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf