CVE-2019-6545
Published Feb 13, 2019
Last updated 2 years ago
Overview
- Description
- AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- ics-cert@hq.dhs.gov
- CWE-99
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7C2429-3A6B-4552-B12D-CBA00563907D" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp6_p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05020B8D-DB30-4BDA-9BD3-0C7C4804859B" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55E9450D-F600-4DC6-8C72-8D79974B6802" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2CB5BAC-BFCE-41C2-A25C-3E6CB218FBD6" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBFEECD4-C454-4A47-9B81-91699C325DC3" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A62CC412-F399-40B7-8000-A4A707F7F6F1" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127CC5C8-822A-4630-813E-5AE39BEBD5A2" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D90DF6B-B281-48D3-8672-25294990E611" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8721C8BE-1946-4030-B056-67A6B42BCDCA" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C07C446B-6125-46D7-BDC4-11849BA6A72D" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D4A9403-5D1E-464F-8B40-D554F4A7C3AE" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDFC8512-2971-48C3-9576-0FA74B59406B" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2991440-E8EB-4AB1-A861-2A263C443DEF" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23DA9BCB-F9BD-4F9F-A77E-95210C270539" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD1C359C-61FA-4E5F-81CA-991BCB8CD9A8" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07A836A-535F-437E-BD25-1D833BD63327" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD4BA73-691D-4E12-936C-7B0F0A0AFF0F" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D515729F-9316-470F-8D18-34B674E8F5D4" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542A2064-3D3D-4EF0-AEF5-3D8C45BD8CA6" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C282BFD-02D9-4F80-BBD9-B84B0703D07A" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92E5DA1B-459C-44B2-9E0B-2B88C985DA98" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186D0227-8791-44E0-8B80-2AE0427B69D7" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDA36D8C-6CE2-4C5B-A4E2-68031D97516D" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7B550C6-160F-480D-8B70-92C6D236C3EA" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C809DC5-73DC-4E00-ABAB-558844CE2103" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC7F3AAD-E423-4CA2-BB78-AC7B081338D3" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "870D0F41-F2CE-4693-8815-5527A6E5ECD9" }, { "criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA02828-7756-4F12-9F3A-DBBD20AFEAF7" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:aveva:intouch_machine_edition_2014:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67AB4CF8-A2C6-4B0D-87EB-62617943F705" } ], "operator": "OR" } ] } ]