CVE-2021-42797 — Vulnetix

CVE-2021-42797 PUBLISHED CVSS 7.5 HIGH

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

EPSS 0.22% · 44.2th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.22%

44.2th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
aveva	edge	0, 2020, 2020

Exploit Intelligence

https://www.aveva.com/en/products/edge/ (circl)
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 (circl)

Timeline

Dec 16, 2023 CVE Published
Dec 16, 2023 EPSS Score
Jan 14, 2024 EPSS Score
Feb 12, 2024 EPSS Score
Mar 13, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 10, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 7, 2024 EPSS Score
Aug 4, 2024 CVE Updated
Sep 4, 2024 EPSS Score
Oct 3, 2024 EPSS Score

References

https://www.aveva.com/en/products/edge/ url
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 url
https://nvd.nist.gov/vuln/detail/CVE-2021-42797 advisory
https://www.aveva.com/en/products/edge url

Open in Interactive Console →