Local User Credential Exposure in Vijeo Citect and CitectSCADA Software
CVE-2019-10981

7.8HIGH

Key Information:

Vendor: Aveva
Status: Aveva Vijeo Citect And Citectscada
Vendor: CVE Published:; 31 May 2019

What is CVE-2019-10981?

In AVEVA's Vijeo Citect and CitectSCADA versions 7.30 and 7.40, a vulnerability has been discovered that could enable an authenticated local user to gain unauthorized access to sensitive Citect user credentials. This exposure raises significant security concerns, as it may result in unauthorized access to system configurations and data, potentially leading to further exploitation or manipulation of the industrial control systems.

Affected Version(s)

AVEVA Vijeo Citect and CitectSCADA Vijeo Citect 7.30 and 7.40 CitectSCADA 7.30 and 7.40

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01

x_refsource_MISC

https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulle...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/108543

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2019
Vulnerability Reserved
Apr 8, 2019

Aveva

What is CVE-2019-10981?

Affected Version(s)

References

CVSS V3.1

Timeline