PT-2022-10185 · Aveva · Aveva System Platform

Sharon Brizinov

Published

2022-04-04

Updated

2022-04-13

CVE-2021-33008

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AVEVA System Platform versions 2017 through 2020 R2 P01

Description The issue concerns the lack of authentication for certain functionality that requires a provable user identity.

Recommendations For AVEVA System Platform versions 2017 through 2020 R2 P01, consider implementing additional authentication mechanisms to ensure that all functionality requiring a provable user identity is properly authenticated until a patch is available.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-33008

Affected Products

Aveva System Platform

PT-2022-10185 · Aveva · Aveva System Platform

CVE-2021-33008

Weakness Enumeration

Related Identifiers

Affected Products

References · 4