Vulnerabilities > CVE-2019-6545 - Unspecified vulnerability in Aveva Indusoft web Studio and Intouch Machine Edition 2014

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
aveva
exploit available

Summary

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.

Exploit-Db

idEDB-ID:46342

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/151602/indusoftws81sp2-exec.txt
idPACKETSTORM:151602
last seen2019-02-12
published2019-02-11
reporterJacob Baines
sourcehttps://packetstormsecurity.com/files/151602/Indusoft-Web-Studio-8.1-SP2-Remote-Code-Execution.html
titleIndusoft Web Studio 8.1 SP2 Remote Code Execution