Vulnerabilities > Aveva > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-16 CVE-2021-42796 Unspecified vulnerability in Aveva Edge 2020/8.1
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
network
low complexity
aveva
critical
9.8
2023-03-16 CVE-2023-1256 Unspecified vulnerability in Aveva Plant Scada and Telemetry Server
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
network
low complexity
aveva
critical
9.8
2022-05-23 CVE-2022-1467 Exposure of Resource to Wrong Sphere vulnerability in Aveva products
Windows OS can be configured to overlay a “language bar” on top of any application.
network
low complexity
aveva CWE-668
critical
9.9
2022-04-04 CVE-2021-33008 Missing Authentication for Critical Function vulnerability in Aveva System Platform 2017/2020
AVEVA System Platform versions 2017 through 2020 R2 P01 do not perform any authentication for functionality that requires a provable user identity.
network
low complexity
aveva CWE-306
critical
9.8
2021-09-23 CVE-2021-32959 Heap-based Buffer Overflow vulnerability in Aveva Suitelink
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06.
network
low complexity
aveva CWE-122
critical
9.8
2020-09-24 CVE-2020-13505 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.
network
low complexity
aveva CWE-89
critical
9.8
2020-09-24 CVE-2020-13504 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.
network
low complexity
aveva CWE-89
critical
9.8
2020-09-24 CVE-2020-13501 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053.
network
low complexity
aveva CWE-89
critical
9.8
2020-09-24 CVE-2020-13500 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053.
network
low complexity
aveva CWE-89
critical
9.8
2020-09-24 CVE-2020-13499 SQL Injection vulnerability in Aveva Edna Enterprise Data Historian 3.0.1.2/7.5.4989.33053
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053.
network
low complexity
aveva CWE-89
critical
9.8