Vulnerabilities > CVE-2019-6545 - Unspecified vulnerability in Aveva Indusoft web Studio and Intouch Machine Edition 2014

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

aveva

exploit available

NVD

Published: 2019-02-13

Updated: 2023-01-31

Summary

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva Indusoft WEB Studio 8.1 Aveva Indusoft WEB Studio 8.0 Aveva Indusoft WEB Studio 7.1 Aveva Indusoft WEB Studio 6.1 Aveva Intouch Machine Edition 2014 R2	29

Exploit-Db

id	EDB-ID:46342

Packetstorm

data source	https://packetstormsecurity.com/files/download/151602/indusoftws81sp2-exec.txt
id	PACKETSTORM:151602
last seen	2019-02-12
published	2019-02-11
reporter	Jacob Baines
source	https://packetstormsecurity.com/files/151602/Indusoft-Web-Studio-8.1-SP2-Remote-Code-Execution.html
title	Indusoft Web Studio 8.1 SP2 Remote Code Execution

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References