Vulnerabilities > Aveva
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-32987 | NULL Pointer Dereference vulnerability in Aveva Suitelink Null pointer dereference in SuiteLink server while processing command 0x0b | 5.0 |
| 2021-09-23 | CVE-2021-32999 | Improper Handling of Exceptional Conditions vulnerability in Aveva Suitelink Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 | 5.0 |
| 2021-06-09 | CVE-2021-32942 | Cleartext Storage of Sensitive Information vulnerability in Aveva Intouch 2017 and Intouch 2020 The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. | 5.5 |
| 2020-09-24 | CVE-2020-13505 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. | 7.5 |
| 2020-09-24 | CVE-2020-13504 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. | 7.5 |
| 2020-09-24 | CVE-2020-13501 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. | 7.5 |
| 2020-09-24 | CVE-2020-13500 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. | 7.5 |
| 2020-09-24 | CVE-2020-13499 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. | 7.5 |
| 2020-01-14 | CVE-2019-13537 | Out-of-bounds Write vulnerability in Aveva Iec870Ip Firmware 4.14.02 The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash. | 5.0 |
| 2019-04-11 | CVE-2019-6525 | Improper Privilege Management vulnerability in Aveva Wonderware System Platform 2014/2017 AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. | 4.0 |