CVE-2021-42796

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-42796
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.aveva.com/en/products/edge/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aveva:edge:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:r2:-:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:r2:sp1:*:*:*:*:*
History

20 Dec 2023, 17:32

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 - Third Party Advisory, US Government Resource
References () https://www.aveva.com/en/products/edge/ - () https://www.aveva.com/en/products/edge/ - Product
CPE cpe:2.3:a:aveva:edge:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:r2:-:*:*:*:*:*
cpe:2.3:a:aveva:edge:2020:r2:sp1:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE NVD-CWE-Other
First Time Aveva edge
Aveva

16 Dec 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-16 01:15

Updated : 2024-10-07 19:36

NVD link : CVE-2021-42796

Mitre link : CVE-2021-42796

JSON object : View

Products Affected

aveva

  • edge
CWE
NVD-CWE-Other