Vulnerability Description
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Edna Enterprise Data Historian | 3.0.1.2/7.5.4989.33053 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108 (Exploit, Technical Description, Third Party Advisory)
FAQ
What is CVE-2020-13504?
CVE-2020-13504 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An att...
How severe is CVE-2020-13504?
CVE-2020-13504 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-13504?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Edna Enterprise Data Historian.