AVEVA Vijeo Citect and Citect SCADA Floating License Manager

CVSS 9.8 CRITICAL

Risk Summary

These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product.

CVE-2018-20031 CVE-2018-20032 CVE-2018-20033 CVE-2018-20034

AVEVA states that users who have deployed Floating License Manager Version 2.3.0.0 and earlier to manage their Software Licensing for Vijeo Citect or Citect SCADA (Version 7.30 and later) could be impacted.
Impacted users should upgrade to Floating License Manager (FLM) Version 2.3.1.0 as soon as possible.
FLM Version 2.3.1.0 is already available via SESU (Schneider Electric Software Update tool).
Details are described in the Schneider Electric Security Notification SEVD-2019-134-04.

AVEVA Software, LLC

AVEVA Software, LLC · Vijeo Citect and Citect SCADA Floating License Manager <= 2.3.0.0

Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.