You are here

AVEVA Enterprise Data Management Web (ICSA-20-254-01)

AVEVA Enterprise Data Management Web (ICSA-20-254-01)

Created: Thursday, September 10, 2020 - 13:46
Categories:
Cyber Security

CISA has published an advisory on an SQL injection vulnerability in AVEVA Enterprise Data Management Web. Enterprise Data Management Web v2019 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected device. AVEVA reports that affected users are recommended to upgrade to AVEVA Enterprise Data Management Web v2019 SP1 as soon as possible. If an upgrade to v2019 SP1 is not possible, users can contact AVEVA Global Customer Support, and a hot-fix can be made available for eDNA Web v2018 SP2. Other versions will not be hot-fixed and must be upgraded. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.