ICSA-25-317-03  ·  Published 2025-11-13

AVEVA Edge

CVSS 8.4 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force.

CVEs (1)

Remediations

  • AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
  • Users of the affected product versions should take the following actions to mitigate the risk of exploitation:
      • Apply AVEVA Edge 2023 R2 P01 Security Update and migrate old project files.
      • For projects that cannot be migrated (e.g. backups or transient copies), evaluate the risk of potential password leakage from these files and implement stricter read access controls to protect these unsafe files.
      • Require AVEVA Edge users to change their passwords.
      • Important: Edge project migration from older versions to 2023 R2 P01 is one-way due to the change in password hashing algorithms.
  • The following general defensive measures are recommended:
      • Access Control Lists should be applied to all folders where users will save and load project files.
      • Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.
      • Apply data protection at the project level with a strong master password. For step-by-step configuration, refer to AVEVA Edge "Technical Reference Manual" > Project Overview > Configuring Additional Project Settings > Options Tab > Data Protection.
      • If passwords are being used as function parameters inside project documents (such as scripts or worksheets), it is recommended to remove those passwords and use project tags instead. For more information on tags, refer to AVEVA Edge "Technical Reference Manual" > Tags and the Tag Database > About Tags and the Project Database.
  • For information on how to reach AVEVA support for your product, refer to AVEVA Customer Support.
  • For more information, see AVEVA's Security Bulletin AVEVA-2025-006 or AVEVA's bulletins page.

Affected Vendors

AVEVA

Affected Products (1)

AVEVA · Edge <=2023_R2

Affected Sectors

Critical Manufacturing
