Main Vulnerability Database Vulnerabilities #VU17382

#VU17382 Missing authentication for critical function in InTouch Edge HMI and AVEVA Edge - CVE-2019-6543

Published: February 5, 2019 / Updated: June 17, 2021

Vulnerability identifier: #VU17382

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2019-6543

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
InTouch Edge HMI
AVEVA Edge

Software vendor:
AVEVA Software, LLC.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the TCP/IP Server Task due to missing authentication for critical function. A remote unauthenticated attacker can execute arbitrary code under the program runtime privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec133.pdf

#VU17382 Missing authentication for critical function in InTouch Edge HMI and AVEVA Edge - CVE-2019-6543

Description

Remediation

External links

Please verify you're human