VYPR
Vendor: Aveva

Products: 23
CVEs: 57
Across products: 68
Status: Private

Recent CVEs
  • CVE-2018-10628 | Critical | Jul 24, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow…

  • CVE-2018-10620 | Critical | Jul 19, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with…

  • CVE-2017-5158 | Critical | Apr 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

  • CVE-2017-5156 | High | Apr 20, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the…

  • CVE-2007-6033 | High | Nov 20, 2007
    risk 0.57 | cvss 8.8 | epss 0.03

    Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.

  • CVE-2026-30290 | High | Mar 31, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2024-6456 | High | Aug 15, 2024
    risk 0.55 | cvss n/a | epss 0.00

    AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.

  • CVE-2024-3468 | High | Jun 12, 2024
    risk 0.55 | cvss n/a | epss 0.00

    There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

  • CVE-2017-9962 | High | Sep 26, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the…

  • CVE-2025-4417 | Medium | Jun 12, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by…

  • CVE-2017-5160 | Medium | Apr 20, 2017
    risk 0.34 | cvss 5.3 | epss 0.01

    An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

  • CVE-2025-4418 | Medium | Jun 12, 2025
    risk 0.29 | cvss 4.4 | epss 0.00

    An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges to modify PI Connector for CygNet local data files (cache and buffers) in a…

  • CVE-2022-23854 | Dec 23, 2022
    risk 0.10 | cvss n/a | epss 0.46

    AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

  • CVE-2019-6543 | Feb 13, 2019
    risk 0.06 | cvss n/a | epss 0.17

    AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.

  • CVE-2019-6545 | Feb 13, 2019
    risk 0.04 | cvss n/a | epss 0.14

    AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary…

  • CVE-2008-2005 | May 6, 2008
    risk 0.04 | cvss n/a | epss 0.16

    The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length…

  • CVE-2006-0088 | Jan 5, 2006
    risk 0.03 | cvss n/a | epss 0.01

    SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.

  • CVE-2018-17916 | Nov 2, 2018
    risk 0.01 | cvss n/a | epss 0.04

    InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related…

  • CVE-2024-3467 | Jun 12, 2024
    risk 0.00 | cvss n/a | epss 0.00

    There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.

  • CVE-2023-6132 | Feb 29, 2024
    risk 0.00 | cvss n/a | epss 0.00

    The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.