CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

CWE 1 Total

Learn more

CWE-316: CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN MEMORY CWE-316

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
6.6	MEDIUM	3.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

Credits

Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA.

References 2 Total

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03
external site
https://www.aveva.com/en/support/cyber-security-updates/
external site

Updated: 2024-08-03

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03
external site
x_transferred
https://www.aveva.com/en/support/cyber-security-updates/
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: ICS-CERT

Description

CWE 1 Total

CVSS 1 Total

Product Status

Credits

References 2 Total

CVE Program

References 2 Total