CVE-2019-10981

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 76.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aveva Aveva Vijeo Citect AND Citectscada Schneider-electric Citectscada Schneider-electric Scada Expert Vijeo Citect

Timeline

PublishedMay 31

Latest updateMay 24

Description

In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5aveva/aveva_vijeo_citect_and_citectscadaVijeo Citect 7.30 and 7.40 CitectSCADA 7.30 and 7.40

▶NVDschneider-electric/citectscada7.30, 7.40+1

▶NVDschneider-electric/scada_expert_vijeo_citect7.30, 7.40+1

Patches

Patch: sw.aveva.com ↗Patch: sw.aveva.com ↗

🔴Vulnerability Details

GHSA

GHSA-739w-chhw-jpxj: In Vijeo Citect 7↗2022-05-24

▶

CVEList

CVE-2019-10981: In Vijeo Citect 7↗2019-05-31

▶