Historian Server Vulnerability Could Lead to Privilege Escalation
CVE-2024-6456

Currently unrated

Key Information:

Vendor

Aveva

CVE Published:
15 August 2024

What is CVE-2024-6456?

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.

Affected Version(s)

Historian Web Server 2023R2

Historian Web Server 2023 < 2023 P03

Historian Web Server 2020 < 2020 R2 SP1 P01

Timeline

  • Vulnerability published

Credit

Maurizio Gatti from Accenture S.p.A reported this vulnerability to AVEVA.