PT-2019-18139 · Aveva · Aveva Wonderware System Platform

Published: 2019-04-11 · Updated: 2020-10-16 · CVE-2019-6525

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AVEVA Wonderware System Platform versions 2017 Update 2 and prior

Description

The issue concerns the use of an ArchestrA network user account for authentication in system processes and inter-node communications. A user with low privileges could exploit an API to obtain the credentials for this account.

Recommendations

For versions 2017 Update 2 and prior, consider restricting access to the API used for obtaining the ArchestrA network user account credentials until a fix is available. As a temporary workaround, limit the privileges of users who have access to the system to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Improper Privilege Management

Related Identifiers

CVE-2019-6525

Affected Products

Aveva Wonderware System Platform