CVE-2021-42797

HIGH

AVEVA Edge < 2020 - Unauthenticated Path Traversal

Description

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

References (2)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01

Scores

CVSS v3 7.5
EPSS 0.0100
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
aveva/edge 2020 (3 CPE variants)
aveva/edge < 2020
Published Dec 16, 2023
Tracked Since Feb 18, 2026