CVE-2021-42796

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.aveva.com/en/products/edge/	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aveva:edge::::::::
	cpe:2.3:a:aveva:edge:2020:-::::::
	cpe:2.3:a:aveva:edge:2020:r2:-:::::*
	cpe:2.3:a:aveva:edge:2020:r2:sp1:::::*

History

20 Dec 2023, 17:32

Type	Values Removed	Values Added
References	~~() https://www.aveva.com/en/products/edge/ -~~	() https://www.aveva.com/en/products/edge/ - Product
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 - Third Party Advisory, US Government Resource
First Time		Aveva edge Aveva
CPE		cpe:2.3:a:aveva:edge:::::::: cpe:2.3:a:aveva:edge:2020:r2:-:::::* cpe:2.3:a:aveva:edge:2020:-:::::: cpe:2.3:a:aveva:edge:2020:r2:sp1:::::*
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

18 Dec 2023, 14:05

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-16 01:15

Updated : 2024-02-28 20:54

NVD link : CVE-2021-42796

Mitre link : CVE-2021-42796

CVE.ORG link : CVE-2021-42796

JSON object : View

Products Affected

aveva

edge

CWE

NVD-CWE-Other

9.8 /10