CVE-2021-42796OS Command Injection in Edge

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 68.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Aveva Edge
Timeline
PublishedDec 16

Description

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDaveva/edge< 2020+1

🔴Vulnerability Details

2
CVEList
CVE-2021-42796: An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrar2023-12-16
GHSA
GHSA-w96c-3jm7-32vm: An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrar2023-12-16
CVE-2021-42796 — OS Command Injection in Aveva Edge | cvebase