← Voltar para CVEs
CVE-2019-6543
CRITICAL9.8
Descricao
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/13/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
aveva:indusoft_web_studioaveva:intouch_machine_edition_2014
Fraquezas (CWE)
CWE-306CWE-306
Referencias
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01(ics-cert@hq.dhs.gov)
https://www.exploit-db.com/exploits/46342/(ics-cert@hq.dhs.gov)
https://www.tenable.com/security/research/tra-2019-04(ics-cert@hq.dhs.gov)
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46342/(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/research/tra-2019-04(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.