PT-2019-18139 · Aveva · Aveva Wonderware System Platform

Published: 2019-04-11 · Updated: 2020-10-16 · CVE-2019-6525

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AVEVA Wonderware System Platform versions 2017 Update 2 and prior

Description

The issue concerns the use of an ArchestrA network user account for authentication in system processes and inter-node communications. A user with low privileges could exploit an API to obtain the credentials for this account.

Recommendations

For versions 2017 Update 2 and prior, consider restricting access to the API used for obtaining the ArchestrA network user account credentials until a fix is available. As a temporary workaround, limit the privileges of users who have access to the system to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Improper Privilege Management

Related Identifiers

CVE-2019-6525

Affected Products

Aveva Wonderware System Platform