← volver
CVE-2019-6545

CVE-2019-6545

EPSS 13.9%CWE-99
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
Productos afectados
ICS-CERT · AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update
PoCs públicas encontradas2
cve_referencewww.exploit-db.com/exploits/46342/no verificadoexploitdbwww.exploit-db.com/exploits/46342no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01https://www.exploit-db.com/exploits/46342/https://www.tenable.com/security/research/tra-2019-04