Multiple vulnerabilities in AVEVA Wonderware System Platform



Published: 2019-01-30 | Updated: 2019-05-03
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-6525
CVE-2018-19021
CWE-ID CWE-200
CWE-592
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
Wonderware System Platform
Server applications / SCADA systems

Vendor AVEVA Software, LLC.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

UPDATED: 03.05.2019
Added information about vulnerability #2, added link to Kaspersky Lab.

1) Information disclosure

EUVDB-ID: #VU17278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6525

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to Wonderware System Platform uses an ArchestrA network user account for authentication of system processes and inter-node communications. A local attacker can make use of an API to obtain the credentials for this account.

Mitigation

Update to version 2017 Update 3.

Vulnerable software versions

Wonderware System Platform: 2017 - 2017 Update 2

External links

http://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec135.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Authorization bypass

EUVDB-ID: #VU16938

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19021

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An adjacent unauthenticated attacker can supply a specially crafted script to bypass the authentication of a maintenance port of a service and cause a denial of service.

Mitigation

Update to Wonderware System Platform - 2017 Update 3.

Vulnerable software versions

Wonderware System Platform: 2017 - 2017 Update 2

External links

http://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-002-avea-wonderware-system-platform-vulnerability-unauthorized-access-to-credentials/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###