CVE-2024-6456

Name of the Vulnerable Software and Affected Versions AVEVA Historian Server (affected versions not specified)

Description The issue is related to the lack of protection against malicious SQL commands. If exploited, it could allow a remote attacker to execute arbitrary code under the privileges of an interactive Historian REST Interface user, provided the user opens a specially crafted URL. This could potentially be achieved through social engineering tactics.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.