Vulnerability Description
In AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update, an unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Indusoft Web Studio | 6.1 |
| Aveva | Intouch Machine Edition 2014 | r2 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01 (Mitigation, Third Party Advisory, US Government Resource)
- https://www.exploit-db.com/exploits/46342/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.tenable.com/security/research/tra-2019-04 (Third Party Advisory)
FAQ
What is CVE-2019-6545?
CVE-2019-6545 is a vulnerability with a CVSS score of 7.5 (HIGH). AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specia...
How severe is CVE-2019-6545?
CVE-2019-6545 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-6545?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Indusoft Web Studio, Aveva Intouch Machine Edition 2014.