CVE-2021-32942

Summary

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

Affected Software

VendorProductVersion RangeStatus
AVEVAInTouchunspecified <= 2020 R2affected

Weaknesses

  • CWE-316: CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN MEMORY CWE-316

ADP Enrichment

CVE Program Container

Additional References

References