CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-6525

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 4.0

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-029-03
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec135.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-029-03
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec135.pdf

Products affected by CVE-2019-6525

Aveva » Wonderware System Platform » Version: 2014

cpe:2.3:a:aveva:wonderware_system_platform:2014
Aveva » Wonderware System Platform » Version: 2017

cpe:2.3:a:aveva:wonderware_system_platform:2017

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-6525

Products

Pricing

Contact Us