Vulnerability Description
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Edna Enterprise Data Historian | 3.0.1.2\/7.5.4989.33053 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1106ExploitTechnical DescriptionThird Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-254-01Third Party AdvisoryUS Government Resource
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1106ExploitTechnical DescriptionThird Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-254-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-13499?
CVE-2020-13499 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections ...
How severe is CVE-2020-13499?
CVE-2020-13499 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-13499?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Edna Enterprise Data Historian.