Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aveva vulnerabilities and exploits
(subscribe to this query)
294
VMScore
CVE-2015-0998
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote malicious users to obtain sensitive information by sniffing the network.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
187
VMScore
CVE-2015-0999
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
890
VMScore
CVE-2011-3143
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX prior to 67 R4.5 and 68 R3.9, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long stri...
Aveva Clearscada 2005
Aveva Clearscada 2007
Aveva Clearscada 2009
Schneider-electric Scx 67
Schneider-electric Scx 68
383
VMScore
CVE-2011-3144
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX prior to 67 R4.5 and 68 R3.9, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Aveva Clearscada 2009
Aveva Clearscada 2005
Aveva Clearscada 2007
Schneider-electric Scx 67
Schneider-electric Scx 68
356
VMScore
CVE-2019-6525
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.
Aveva Wonderware System Platform 2017
Aveva Wonderware System Platform
NA
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Aveva Intouch Access Anywhere 2020
Aveva Intouch Access Anywhere
1 EDB exploit
756
VMScore
CVE-2022-1467
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. ...
Aveva Plant Scada Access Anywhere
Aveva Intouch Access Anywhere
668
VMScore
CVE-2018-10620
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with ...
Aveva Intouch Machine 2017 8.1
Aveva Indusoft Web Studio 8.1
445
VMScore
CVE-2019-13537
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.
Aveva Iec870ip Firmware
668
VMScore
CVE-2021-32959
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
Aveva Suitelink
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »