Main Vulnerability Database Exploits ID:6036 - Exploit for Resource injection in InTouch Edge HMI and AVEVA Edge - CVE-2019-6545

ID:6036 - Exploit for Resource injection in InTouch Edge HMI and AVEVA Edge - CVE-2019-6545

Published: June 17, 2021

Vulnerability identifier: #VU17383

Vulnerability risk: High

CVE-ID: CVE-2019-6545

CWE-ID: CWE-99

Exploitation vector: Remote access

Vulnerable software:
InTouch Edge HMI
AVEVA Edge

Link to public exploit:

https://www.exploit-db.com/exploits/46342/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the TCP/IP Server Task due to resource injection. A remote unauthenticated attacker can use a specially crafted database connection configuration file and execute arbitrary code under the program runtime privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

ID:6036 - Exploit for Resource injection in InTouch Edge HMI and AVEVA Edge - CVE-2019-6545

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human