ICSA-20-254-01 · Published 2020-09-10
AVEVA Enterprise Data Management Web
CVSS 9.6 (CRITICAL)
Risk Summary
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected device.
CVEs (3)
Remediations
- AVEVA recommends that affected users upgrade to AVEVA Enterprise Data Management Web v2019 SP1 as soon as possible. If an upgrade to v2019 SP1 is not possible, users can contact AVEVA Global Customer Support, and a hot-fix can be made available for eDNA Web v2018 SP2. Other versions will not be hot-fixed and must be upgraded. For help with applying upgrades and hot-fixes, contact AVEVA Global Customer Support.
- For more information, see the AVEVA security bulletin.
Affected Vendors
AVEVA Software, LLC
Affected Products (1)
AVEVA Software, LLC · Enterprise Data Management Web <= 2019
Affected Sectors
Critical Manufacturing, Information Technology