← back
CVE-2019-6545

CVE-2019-6545

EPSS 13.9%CWE-99
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
Affected products
ICS-CERT · AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update
public PoCs found2
cve_referencewww.exploit-db.com/exploits/46342/unverifiedexploitdbwww.exploit-db.com/exploits/46342unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01https://www.exploit-db.com/exploits/46342/https://www.tenable.com/security/research/tra-2019-04