Arbitrary Process Execution via Specially Crafted Database Connection Configuration File in AVEVA InduSoft Web Studio and InTouch Edge HMI
CVE-2019-6545 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
Learn more about our Web App Pen Testing.