9.8
CVSSv3

CVE-2020-13502

Published: 24/09/2020 Updated: 30/09/2020

Vulnerability Summary

AVEVA eDNA Enterprise Data Historian is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to DNAPoints.asmx using the ExtendedIDList parameter, which could allow the malicious user to view, add, modify or delete information in the back-end database.

Vulnerability Trend