HIGH🇵🇱 Wersja polska

CVE-2021-42797

CVSS 7.5v3.1pub. 2023-12-16upd. 2024-11-21

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Aveva Edge

    APP
    Aveva
    2020< 2020
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2021-42796CRITICAL9.8PL ✓ten sam produkt

AVEVA Edge: nieuwierzytelnione zdalne wykonanie poleceń (RCE) w ExecuteCommand()

CVE-2018-17914CRITICAL9.8ten sam produkt

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) version...

CVE-2018-17916CRITICAL9.8ten sam produkt

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) version...

CVE-2023-33873HIGH7.8ten sam produkt

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...

CVE-2021-42794MEDIUM5.3ten sam produkt

An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application...