CVE-2021-32942 — Cleartext Storage of Sensitive Information in Memory in Intouch

CWE-316 — Cleartext Storage of Sensitive Information in Memory CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

5.5MEDIUMNVD

CNA6.6

EPSS

0.0%

top 91.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aveva Intouch Aveva Intouch 2020

Timeline

PublishedJun 9

Latest updateMay 24

Description

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDaveva/intouch_2020r2

▶CVEListV5aveva/intouchunspecified — 2020 R2

Patches

Patch: us-cert.cisa.gov ↗Patch: www.aveva.com ↗Patch: us-cert.cisa.gov ↗

🔴Vulnerability Details

GHSA

GHSA-jfgv-77w2-93rx: The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privil↗2022-05-24

▶

CVEList

CVE-2021-32942: The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privil↗2021-06-09

▶