Описание
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
Ссылки
- Product
- Third Party AdvisoryUS Government Resource
- ExploitThird Party AdvisoryVDB Entry
- Product
- Third Party AdvisoryUS Government Resource
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2020 (исключая)
Одно из
cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:r2:-:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:r2:sp1:*:*:*:*:*
EPSS
Процентиль: 55%
0.0033
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
около 2 лет назад
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
CVSS3: 5.3
fstec
около 3 лет назад
Уязвимость SCADA-системы AVEVA Edge, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
Процентиль: 55%
0.0033
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo