QwikSec

Security Database

CVE

CWE

Training

CVE-2019-6525

Published: Apr 11, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.

Vendor	Product	Versions
AVEVA	Wonderware System Platform	affected `2017 Update 2 and prior`

Weaknesses (CWE)

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-029-03

x_refsource_MISC

https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec135.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.