An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
References
Link | Resource |
---|---|
https://www.aveva.com/en/products/edge/ | Product |
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
20 Dec 2023, 17:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.aveva.com/en/products/edge/ - Product | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 - Third Party Advisory, US Government Resource | |
First Time |
Aveva edge
Aveva |
|
CPE | cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:edge:2020:r2:-:*:*:*:*:* cpe:2.3:a:aveva:edge:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:edge:2020:r2:sp1:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
18 Dec 2023, 14:05
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-16 01:15
Updated : 2024-02-28 20:54
NVD link : CVE-2021-42796
Mitre link : CVE-2021-42796
CVE.ORG link : CVE-2021-42796
JSON object : View
Products Affected
aveva
- edge
CWE