#VU18823 Insufficiently protected credentials in Citect SCADA and Vijeo Citect - CVE-2019-10981
Published: June 18, 2019
Vulnerability identifier: #VU18823
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-10981
CWE-ID: CWE-522
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Citect SCADA
Vijeo Citect
Software vendor:
AVEVA Software, LLC.
Description
The vulnerability allows a local attacker to obtain user credentials.
The vulnerability exists because user credentials are stored in memory in clear text. A local non-authorized user with high privileges can read the memory and obtain the credentials.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Customers should upgrade to the latest release of Citect SCADA 2018.