PT-2019-18157 · Aveva · Indusoft Web Studio+1
Published
2019-02-13
·
Updated
2023-01-31
·
CVE-2019-6545
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
AVEVA Software, LLC InduSoft Web Studio versions prior to 8.1 SP3
AVEVA Software, LLC InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 Update
Description
An issue exists where an unauthenticated remote user could execute an arbitrary process on the server machine by using a specially crafted database connection configuration file.
Recommendations
For AVEVA Software, LLC InduSoft Web Studio versions prior to 8.1 SP3, update to version 8.1 SP3 or later.
For AVEVA Software, LLC InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 Update, update to version 2017 Update or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intouch Edge Hmi
Indusoft Web Studio