Arbitrary Code Execution Vulnerability in AVEVA Edge by AVEVA
CVE-2022-28685

7.8HIGH

Key Information:

Vendor: Aveva
Status: Edge
Vendor: CVE Published:; 29 March 2023

What is CVE-2022-28685?

The vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge by exploiting improper validation of user-supplied data during the parsing of APP files. User interaction is necessary, as the target must either visit a malicious page or open a malicious file. If successfully exploited, this can lead to deserialization of untrusted data, enabling attackers to execute code within the context of the affected process.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Edge 2020 SP2 Patch 0(4201.2111.1802.0000)

References

https://www.zerodayinitiative.com/advisories/ZDI-22-1124/

https://www.aveva.com/content/dam/aveva/documents/support...

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2023
Vulnerability Reserved
Apr 5, 2022

Credit

Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team

JSON

Aveva

What is CVE-2022-28685?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

CVSS V3.0

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.