ICSA-24-228-10 · Published 2024-08-15 · View on CISA ICS-CERT
AVEVA Historian Web Server
CVSS 8.1 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an authenticated user to get read and write access to the database.
CVEs (1)
Remediations
- AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Customers using affected product versions should apply security updates as soon as possible.
- AVEVA recommends that Historian be upgraded using AVEVA System Platform media:
  - (Recommended) All affected versions can be fixed by upgrading to AVEVA System Platform 2023 R2 P01.
  - (Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to AVEVA System Platform 2023 P04.
  - (Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Contact AVEVA Global Customer Support for instructions on how to download and apply this security fix.
- AVEVA also recommends the following general defensive measure:
  - Establish procedures for Historian REST Interface users to verify that the source of any URL shared with them is trusted before opening it.
- For information on how to reach AVEVA support for your product, refer to AVEVA Customer Support. If you discover errors or omissions in this advisory, report them to Support.
- For the latest AVEVA security information and security updates, visit AVEVA Security Central.
- AVEVA recommends that users looking for general information on how to secure Industrial Control Systems refer to the NIST Guide to Operational Technology (OT) Security, NIST SP 800-82r3.
- For more information, see AVEVA Security Bulletin AVEVA-2024-005.
Affected Vendors
AVEVA
Affected Products (3)
- AVEVA · Historian Server · 2023_R2
- AVEVA · Historian Server · >=2023|<2023_P03
- AVEVA · Historian Server · >=2020|<2020_R2_SP1_P01
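The affected-version expressions above and the upgrade paths in the Remediations section are the two things an asset owner actually needs to act on this advisory. The script below is an added example for this page, not code from CISA, AVEVA or OTWarden: it parses the page's version notation, decides whether an installed Historian Server version falls inside any affected expression, and returns the matching upgrade options. Its assumptions are that an AVEVA version string is a year followed by optional R<n>, SP<n> and P<n> tokens (a bare year meaning R1, no service pack, no patch), that versions order as (year, release, service pack, patch), and that a '|'-joined expression such as '>=2023|<2023_P03' is satisfied only when every clause is.

```python
"""Check an installed AVEVA Historian Server version against the affected
version expressions and upgrade paths listed in ICSA-24-228-10.

Added example for this page; not code from CISA, AVEVA or OTWarden.
Assumptions: an AVEVA version string is a year followed by optional
R<n>, SP<n> and P<n> tokens (bare year = R1, SP0, P0), versions order as
(year, release, sp, patch), and a '|'-joined expression such as
'>=2023|<2023_P03' is satisfied only when every clause is.
"""
import re

# Affected-version expressions exactly as listed on the page.
AFFECTED = [
    "2023_R2",
    ">=2023|<2023_P03",
    ">=2020|<2020_R2_SP1_P01",
]

_TOKEN = re.compile(r"^(?:R(\d+)|SP(\d+)|P(\d+))$", re.IGNORECASE)
_CLAUSE = re.compile(r"^(>=|<=|>|<|=)?\s*(.+)$")
_OPS = {
    ">=": lambda a, b: a >= b,
    ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def parse_version(text):
    """'2020 R2 SP1 P01' or '2020_R2_SP1_P01' -> (2020, 2, 1, 1).

    Tuples compare lexicographically, so '2023 P04' < '2023 R2' < '2023 R2 P01',
    which is the ordering the remediation list on this page implies (assumption).
    """
    parts = re.split(r"[ _]+", text.strip())
    if not parts or not parts[0].isdigit():
        raise ValueError(f"bad version string: {text!r}")
    year, release, sp, patch = int(parts[0]), 1, 0, 0
    for tok in parts[1:]:
        m = _TOKEN.match(tok)
        if m is None:
            raise ValueError(f"unknown token {tok!r} in {text!r}")
        if m.group(1) is not None:
            release = int(m.group(1))
        elif m.group(2) is not None:
            sp = int(m.group(2))
        else:
            patch = int(m.group(3))
    return (year, release, sp, patch)


def matches(expr, version):
    """True when `version` satisfies every '|'-joined clause of `expr`.
    A clause with no operator is an exact match."""
    v = parse_version(version)
    for clause in expr.split("|"):
        m = _CLAUSE.match(clause.strip())
        op = m.group(1) or "="
        if not _OPS[op](v, parse_version(m.group(2))):
            return False
    return True


def is_affected(version):
    """Installed version falls inside any affected expression on the page."""
    return any(matches(expr, version) for expr in AFFECTED)


def upgrade_paths(version):
    """Upgrade options from the page's remediation list for an affected
    version; empty list when the version is not affected."""
    if not is_affected(version):
        return []
    paths = ["AVEVA System Platform 2023 R2 P01 (recommended, fixes all affected versions)"]
    if matches(AFFECTED[1], version):
        paths.append("AVEVA System Platform 2023 P04 (alternative 1)")
    if matches(AFFECTED[2], version):
        paths.append("AVEVA System Platform 2020 R2 SP1 P01, then Hotfix 3190476 (alternative 2)")
    return paths


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    for installed in ["2020 R2 SP1", "2023 P02", "2023 P03", "2023 R2", "2023 R2 P01"]:
        print(f"{installed:14} affected={is_affected(installed)!s:5} {upgrade_paths(installed)}")
```

Note that the range expressions on this page do not line up exactly with the remediation prose: '>=2023|<2023_P03' excludes 2023 P03 even though the remediation says "2023 through 2023 P03", and '>=2020|<2020_R2_SP1_P01' starts at 2020 rather than 2020 R2. The script follows the expressions as printed; treat an installed version that sits on one of those boundaries as affected and confirm against the CISA advisory and AVEVA-2024-005 before deciding otherwise.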
Affected Sectors
Critical Manufacturing