CVE-2021-42794

Name of the Vulnerable Software and Affected Versions AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior

Description The issue allows a client to provide a malicious connection string, potentially enabling an adversary to port scan the LAN based on the hosts' responses. This is related to insufficient protection of service data, which could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions R2020 and prior, consider restricting access to the application to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using malicious connection strings in the affected application. At the moment, there is no information about a newer version that contains a fix for this vulnerability.