Vulnerabilities > Aveva

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-32959 Heap-based Buffer Overflow vulnerability in Aveva Suitelink
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
network
low complexity
aveva CWE-122
7.5
2021-09-23 CVE-2021-32963 NULL Pointer Dereference vulnerability in Aveva Suitelink
Null pointer dereference in SuiteLink server while processing commands 0x03/0x10
network
low complexity
aveva CWE-476
5.0
2021-09-23 CVE-2021-32971 NULL Pointer Dereference vulnerability in Aveva Suitelink
Null pointer dereference in SuiteLink server while processing command 0x07
network
low complexity
aveva CWE-476
5.0
2021-09-23 CVE-2021-32979 NULL Pointer Dereference vulnerability in Aveva Suitelink
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
network
low complexity
aveva CWE-476
5.0
2021-09-23 CVE-2021-32987 NULL Pointer Dereference vulnerability in Aveva Suitelink
Null pointer dereference in SuiteLink server while processing command 0x0b
network
low complexity
aveva CWE-476
5.0
2021-09-23 CVE-2021-32999 Improper Handling of Exceptional Conditions vulnerability in Aveva Suitelink
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01
network
low complexity
aveva CWE-755
5.0
2021-06-09 CVE-2021-32942 Cleartext Storage of Sensitive Information in Memory vulnerability in Aveva Intouch 2017 and Intouch 2020
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
local
low complexity
aveva CWE-316
2.1
2020-09-24 CVE-2020-13505 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.
network
low complexity
aveva CWE-89
7.5
2020-09-24 CVE-2020-13504 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.
network
low complexity
aveva CWE-89
7.5
2020-09-24 CVE-2020-13501 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053.
network
low complexity
aveva CWE-89
7.5