VYPR

Edge

by Aveva

CVEs (14)

  • CVE-2021-42796CriDec 16, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

  • CVE-2022-28685HigMar 29, 2023
    risk 0.52cvss 7.8epss 0.17

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2022-36970HigMar 29, 2023
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…

  • CVE-2022-28688HigMar 29, 2023
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2022-28687HigMar 29, 2023
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2022-28686HigMar 29, 2023
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2021-42797HigDec 16, 2023
    risk 0.49cvss 7.5epss 0.01

    Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

  • CVE-2023-6132HigFeb 29, 2024
    risk 0.47cvss 7.3epss 0.00

    The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

  • CVE-2022-36969HigMar 29, 2023
    risk 0.47cvss 7.1epss 0.14

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…

  • CVE-2021-42794MedDec 16, 2023
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.

  • CVE-2015-0999Mar 29, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2015-0998Mar 29, 2015
    risk 0.00cvss epss 0.01

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2015-0997Mar 29, 2015
    risk 0.00cvss epss 0.02

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force…

  • CVE-2015-0996Mar 29, 2015
    risk 0.00cvss epss 0.00

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to…