CVE-2019-6525

Summary

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.

Affected Software

VendorProductVersion RangeStatus
AVEVAWonderware System Platform2017 Update 2 and prioraffected

Weaknesses

  • CWE-522: INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

ADP Enrichment

CVE Program Container

Additional References

References