CVE-2020-13505

CRITICAL

AVEVA EDNA Enterprise Data Historian - Unauthenticated SQL Injection via psClass Parameter

Title source: llm
STIX 2.1

Description

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108

Scores

CVSS v3 9.8
EPSS 0.0118
EPSS Percentile 64.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
aveva/edna_enterprise_data_historian 3.0.1.2\/7.5.4989.33053
Published Sep 24, 2020
Tracked Since Feb 18, 2026