Vulnerabilities > Aveva > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-16 | CVE-2021-42796 | Unspecified vulnerability in Aveva Edge 2020/8.1 An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | 9.8 |
| 2023-03-16 | CVE-2023-1256 | Unspecified vulnerability in Aveva Plant Scada and Telemetry Server The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states. | 9.8 |
| 2022-05-23 | CVE-2022-1467 | Exposure of Resource to Wrong Sphere vulnerability in Aveva products Windows OS can be configured to overlay a “language bar” on top of any application. | 9.9 |
| 2022-04-04 | CVE-2021-33008 | Missing Authentication for Critical Function vulnerability in Aveva System Platform 2017/2020 AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. | 9.8 |
| 2021-09-23 | CVE-2021-32959 | Heap-based Buffer Overflow vulnerability in Aveva Suitelink Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 | 9.8 |
| 2020-09-24 | CVE-2020-13505 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. | 9.8 |
| 2020-09-24 | CVE-2020-13504 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. | 9.8 |
| 2020-09-24 | CVE-2020-13501 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. | 9.8 |
| 2020-09-24 | CVE-2020-13500 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. | 9.8 |
| 2020-09-24 | CVE-2020-13499 | SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053 An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. | 9.8 |