The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03 | Patch Third Party Advisory US Government Resource |
https://www.aveva.com/en/support/cyber-security-updates/ | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2021-06-08T00:00:00
Updated: 2021-06-09T16:06:26
Reserved: 2021-05-13T00:00:00
Link: CVE-2021-32942
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-09T17:15:07.737
Modified: 2022-10-25T19:38:40.993
Link: CVE-2021-32942
JSON object: View
Redhat Information
No data.