Vulnerability CVE-2019-6543
Published: 2019-02-12   Modified: 2019-02-13

Description:
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.

Type:

CWE-306

 (Missing Authentication for Critical Function)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Aveva -> Indusoft web studio 
Aveva -> Intouch machine edition 2014 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01
https://www.exploit-db.com/exploits/46342/
https://www.tenable.com/security/research/tra-2019-04
Copyright 2024, cxsecurity.com

 

Back to Top