Vulnerabilities > Aveva > Intouch 2017

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-32942 Cleartext Storage of Sensitive Information vulnerability in Aveva Intouch 2017 and Intouch 2020
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
local
low complexity
aveva CWE-312
5.5
2018-07-24 CVE-2018-10628 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aveva Intouch 2014 and Intouch 2017
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator.
network
low complexity
aveva CWE-119
critical
9.8