AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAveva System Platform
APPAveva20202017 – 2020 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2023-6132HIGH7.3ten sam produkt
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arb...
CVE-2023-33873HIGH7.8ten sam produkt
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...
CVE-2021-38410HIGH7.3ten sam produkt
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to...
CVE-2022-0835HIGH8.1ten sam produkt
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or...
CVE-2021-33010HIGH7.5ten sam produkt
An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is n...