Filtered by vendor Aveva
Subscriptions
Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10628 | 1 Aveva | 2 Intouch 2014, Intouch 2017 | 2024-11-21 | N/A |
| AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process. | ||||
| CVE-2018-10620 | 1 Aveva | 2 Indusoft Web Studio, Intouch Machine 2017 | 2024-11-21 | 9.8 Critical |
| AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. | ||||
| CVE-2017-6021 | 2 Aveva, Schneider-electric | 2 Clearscada, Clearscada | 2024-11-21 | N/A |
| In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-6618 | 2 Aveva, Ocean Data Systems | 2 Reports For Operations 2023, Dream Report 2023 | 2024-08-20 | N/A |
| In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). | ||||
| CVE-2024-6456 | 1 Aveva | 1 Historian | 2024-08-19 | N/A |
| AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL. | ||||
| CVE-2024-6619 | 2 Aveva, Ocean Data Systems | 2 Reports For Operations 2023, Dream Report 2023 | 2024-08-14 | N/A |
| In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service. | ||||