CVE-2021-42794
PUBLISHED
CVSS 5.3 MEDIUM
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
EPSS 0.33% · 56.1th percentile
Risk Scores
CVSS v3.1
5.3
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
EPSS Score
0.33%
56.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| aveva | edge | 2020 |
Timeline
- Dec 16, 2023 CVE Published
- Dec 16, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 12, 2024 EPSS Score
- Mar 12, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 10, 2024 EPSS Score
- Jun 8, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
- Aug 4, 2024 CVE Updated
- Aug 5, 2024 EPSS Score
- Sep 3, 2024 EPSS Score
References
- https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf
- https://www.aveva.com/en/products/edge/
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01
- https://nvd.nist.gov/vuln/detail/CVE-2021-42794 (advisory)