Path Traversal Vulnerability in AVEVA Edge by AVEVA
CVE-2021-42797

Currently unrated

Key Information:

Vendor: AVEVA
Status: AVEVA Edge
Vendor: CVE Published:; 16 December 2023

What is CVE-2021-42797?

A path traversal vulnerability exists in AVEVA Edge (formerly InduSoft Web Studio) that can be exploited by unauthenticated users to access sensitive information. This vulnerability allows attackers to steal the Windows access token of the user account configured for accessing external database resources, potentially resulting in unauthorized access to critical systems and data.

References

https://www.aveva.com/en/products/edge/

https://www.cisa.gov/news-events/ics-advisories/icsa-22-3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2023
Vulnerability Reserved
Oct 21, 2021