CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-6545

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.338

EPSS Ranking 96.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01
https://www.exploit-db.com/exploits/46342/
https://www.tenable.com/security/research/tra-2019-04
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01
https://www.exploit-db.com/exploits/46342/
https://www.tenable.com/security/research/tra-2019-04

Products affected by CVE-2019-6545

Aveva » Indusoft Web Studio » Version: 6.1

cpe:2.3:a:aveva:indusoft_web_studio:6.1
Aveva » Indusoft Web Studio » Version: 7.1

cpe:2.3:a:aveva:indusoft_web_studio:7.1
Aveva » Indusoft Web Studio » Version: 8.0

cpe:2.3:a:aveva:indusoft_web_studio:8.0
Aveva » Indusoft Web Studio » Version: 8.1

cpe:2.3:a:aveva:indusoft_web_studio:8.1
Aveva » Intouch Machine Edition 2014 » Version: r2

cpe:2.3:a:aveva:intouch_machine_edition_2014:r2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-6545

Products

Pricing

Contact Us