Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
indusoft web studio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6132
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
9.8
CVSSv3
CVE-2021-42796
An issue exists in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
Aveva Edge 2020
Aveva Edge
7.5
CVSSv3
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
Aveva Edge 2020
Aveva Edge
NA
CVE-2015-0998
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote malicious users to obtain sensitive information by sniffing the network.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
NA
CVE-2015-0999
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
5.3
CVSSv3
CVE-2021-42794
An issue exists in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
Aveva Edge 2020
Aveva Edge
NA
CVE-2015-0997
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote malicious users to obtain access via a brute-force pass...
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
NA
CVE-2015-0996
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users ...
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3