Vulnerability identifier: #VU55997
Vulnerability risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-122
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
AVEVA System Platform
Server applications /
SCADA systems
AVEVA InTouch
Server applications /
Other server solutions
AVEVA Historian
Server applications /
Other server solutions
AVEVA Communication Drivers Pack
Server applications /
Other server solutions
AVEVA Operations Integration Core
Server applications /
Other server solutions
AVEVA Data Acquisition Servers
Server applications /
Other server solutions
AVEVA Batch Management
Server applications /
Other server solutions
AVEVA MES
Server applications /
Other server solutions
AVEVA SuiteLink Server
Server applications /
Other server solutions
Vendor: AVEVA Software, LLC.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in SuiteLink server while processing commands 0x05/0x06. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
AVEVA System Platform: 2020 R2 P01
AVEVA InTouch: 2020 R2 P01
AVEVA Historian: 2020 R2 P01
AVEVA Communication Drivers Pack: 2020 R2
AVEVA Operations Integration Core: 3.0
AVEVA Data Acquisition Servers: All versions
AVEVA Batch Management: 2020
AVEVA MES: 2014 R2
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-231-01
http://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AV...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.