Known Vulnerabilities for products from Aveva
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Aveva".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Aveva can be found at device.report : Aveva
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23854 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-12-23 | 2024-01-19 |
| CVE-2021-42797 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-12-16 | 2023-12-20 |
| CVE-2021-42796 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-12-16 | 2023-12-20 |
| CVE-2021-42794 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2023-12-16 | 2023-12-20 |
| CVE-2021-38410 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-07-27 | 2022-08-04 |
| CVE-2021-33010 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-04-04 | 2022-04-13 |
| CVE-2021-33008 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-04-04 | 2022-04-13 |
| CVE-2021-32999 | Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 | 7.5 - HIGH | 2021-09-23 | 2021-10-01 |
| CVE-2021-32987 | Null pointer dereference in SuiteLink server while processing command 0x0b | 7.5 - HIGH | 2021-09-23 | 2021-10-01 |
| CVE-2021-32985 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-04-04 | 2022-04-13 |
| CVE-2021-32981 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-04-04 | 2022-04-13 |
| CVE-2021-32979 | Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a | 7.5 - HIGH | 2021-09-23 | 2021-10-01 |
| CVE-2021-32977 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-04-04 | 2022-04-13 |
| CVE-2021-32971 | Null pointer dereference in SuiteLink server while processing command 0x07 | 7.5 - HIGH | 2021-09-23 | 2021-10-01 |
| CVE-2021-32963 | Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 | 7.5 - HIGH | 2021-09-23 | 2021-10-01 |
| CVE-2021-32959 | Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 | 9.8 - CRITICAL | 2021-09-23 | 2021-10-01 |
| CVE-2021-32942 | The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer)... | 5.5 - MEDIUM | 2021-06-09 | 2022-10-25 |
| CVE-2020-13505 | Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web re... | 9.8 - CRITICAL | 2020-09-24 | 2020-09-25 |
| CVE-2020-13504 | Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP... | 9.8 - CRITICAL | 2020-09-24 | 2020-09-29 |
| CVE-2020-13501 | An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.... | 9.8 - CRITICAL | 2020-09-24 | 2022-06-07 |
Known software with vulnerabilities from Aveva
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Aveva | Clearscada | 2005 |
| Application | Aveva | Edna Enterprise Data Historian | 3.0.1.2\/7.5.4989.33053 |
| Hardware | Aveva | Iec870ip | - |
| Operating System | Aveva | Iec870ip Firmware | 4.14.02 |
| Application | Aveva | Indusoft Web Studio | 6.1 |
| Application | Aveva | Wonderware System Platform | 2014 |