CVE-2019-6525

CVE-2019-6525

Vendor Aveva
Product Wonderware System Platform
Weakness CWE-522 · Insufficiently protected credentials
Published April 11, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.

Key dates

02Disclosure timeline

April 11, 2019 CVE published
August 4, 2024 Record updated