Security Advisory

AVEVA Edge Vulnerabilities

Risk Information

Limited Threat

CVE ID

CVE-2021-42796

CVE-2021-42794

CVE-2021-42797

CVE-2021-42795

Vunerability Type

Improper Access Control

Exposure of Sensitive Information to an Unauthorized Actor

Path Traversal

Uncontrolled Resource Consumption

CVSS3 Score

9.8

5.3

8.6

7.5

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AVEVA Edge and InduSoft Web Studio R2020 and prior.

AVEVA has not yet produced a patch to address these issues.

11/04/2021