Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
References
Link | Resource |
---|---|
https://www.aveva.com/en/products/edge/ | Product |
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
20 Dec 2023, 17:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:aveva:edge:2020:r2:-:*:*:*:*:* cpe:2.3:a:aveva:edge:2020:r2:sp1:*:*:*:*:* cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:edge:2020:-:*:*:*:*:*:* |
|
References | () https://www.aveva.com/en/products/edge/ - Product | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 - Third Party Advisory, US Government Resource | |
First Time |
Aveva
Aveva edge |
16 Dec 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-16 01:15
Updated : 2023-12-20 17:32
NVD link : CVE-2021-42797
Mitre link : CVE-2021-42797
CVE.ORG link : CVE-2021-42797
JSON object : View
Products Affected
aveva
- edge
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')