Remote Code Execution Vulnerability in AVEVA Edge by AVEVA
CVE-2022-28687

7.8HIGH

Key Information:

Vendor: Aveva
Status: Edge
Vendor: CVE Published:; 29 March 2023

What is CVE-2022-28687?

A vulnerability in AVEVA Edge allows remote attackers to execute arbitrary code by exploiting flaws in the handling of APP files. This vulnerability requires user interaction, as it necessitates visiting a malicious webpage or opening a compromised file. The root cause lies in the process's handling of unsecured library locations, enabling attackers to execute code within the context of the running process. Users are advised to evaluate their systems for this weakness and ensure proper security measures are in place.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Edge 2020 SP2 Patch 0(4201.2111.1802.0000)

References

https://www.aveva.com/content/dam/aveva/documents/support...

https://www.zerodayinitiative.com/advisories/ZDI-22-1126/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2023
Vulnerability Reserved
Apr 5, 2022

Credit

Flashback Team: Pedro Ribeiro (@pedrib1337) && Radek Domanski (@RabbitPro)

JSON

Aveva

What is CVE-2022-28687?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.