{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6456", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-07-02T18:09:17.280Z", "datePublished": "2024-08-15T20:10:58.586Z", "dateUpdated": "2024-08-16T13:32:49.662Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Historian Web Server", "vendor": "AVEVA", "versions": [{"status": "affected", "version": "2023R2"}, {"lessThan": "2023 P03", "status": "affected", "version": "2023", "versionType": "custom"}, {"lessThan": "2020 R2 SP1 P01", "status": "affected", "version": "2020", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Maurizio Gatti from Accenture S.p.A reported this vulnerability to AVEVA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL."}], "value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-08-15T20:10:58.586Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-10"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates as soon as possible.</p><p>AVEVA recommends Historian is upgraded by AVEVA System Platform media:</p><ul><li>(Recommended) All affected versions can be fixed by upgrading to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=f9477c62-1966-4020-8909-fa20f4ef2b2b\">AVEVA System Platform 2023 R2 P01</a></li><li>(Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=2a9cc3c1-be8a-4f61-8973-dadab079f9a7\">AVEVA System Platform 2023 P04</a></li><li>(Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\">AVEVA Global Customer Support</a>&nbsp;for instructions on how to download and apply this security fix.</li></ul><p>AVEVA also recommends the following general defensive measures:</p><ul><li>Establish procedures for Historian REST Interface users to verify the source of URLs shared with them is trusted before opening.</li></ul><p>For information on how to reach AVEVA support for your product, please refer to this link: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\">AVEVA Customer Support</a>. If you discover errors or omissions in this advisory, please report the finding to Support.</p><p>For the latest AVEVA security information and security updates, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/securitycentral\">AVEVA Security Central</a>.</p><p>Aveva recommends users looking for general information regarding how to secure Industrial Control Systems reference the NIST Guide to Operational Technology (OT) Security, <a target=\"_blank\" rel=\"nofollow\" href=\"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf\">NIST SP800-82r3</a>.</p><p>For more information, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-005.pdf\">AVEVA's Security Bulletin AVEVA-2024-005.</a></p>\n\n<br>"}], "value": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates as soon as possible.\n\nAVEVA recommends Historian is upgraded by AVEVA System Platform media:\n\n  *  (Recommended) All affected versions can be fixed by upgrading to  AVEVA System Platform 2023 R2 P01 https://softwaresupportsp.aveva.com/#/producthub/details \n  *  (Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to  AVEVA System Platform 2023 P04 https://softwaresupportsp.aveva.com/#/producthub/details \n  *  (Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Please contact  AVEVA Global Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0for instructions on how to download and apply this security fix.\n\n\nAVEVA also recommends the following general defensive measures:\n\n  *  Establish procedures for Historian REST Interface users to verify the source of URLs shared with them is trusted before opening.\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ . If you discover errors or omissions in this advisory, please report the finding to Support.\n\nFor the latest AVEVA security information and security updates, please visit  AVEVA Security Central https://softwaresupportsp.aveva.com/#/securitycentral .\n\nAveva recommends users looking for general information regarding how to secure Industrial Control Systems reference the NIST Guide to Operational Technology (OT) Security,  NIST SP800-82r3 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf .\n\nFor more information, see  AVEVA's Security Bulletin AVEVA-2024-005. https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-005.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL Injection vulnerability in AVEVA Historian Server", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "aveva", "product": "historian", "cpes": ["cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2020", "status": "affected", "lessThan": "2020_r2_sp1_p01", "versionType": "custom"}]}, {"vendor": "aveva", "product": "historian", "cpes": ["cpe:2.3:a:aveva:historian:2023:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2023", "status": "affected", "lessThan": "2023_p03", "versionType": "custom"}]}, {"vendor": "aveva", "product": "historian", "cpes": ["cpe:2.3:a:aveva:historian:2023r2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2023r2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T13:26:10.793548Z", "id": "CVE-2024-6456", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T13:32:49.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6456", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-16T13:26:10.793548Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*"], "vendor": "aveva", "product": "historian", "versions": [{"status": "affected", "version": "2020", "lessThan": "2020_r2_sp1_p01", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:aveva:historian:2023:*:*:*:*:*:*:*"], "vendor": "aveva", "product": "historian", "versions": [{"status": "affected", "version": "2023", "lessThan": "2023_p03", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:aveva:historian:2023r2:*:*:*:*:*:*:*"], "vendor": "aveva", "product": "historian", "versions": [{"status": "affected", "version": "2023r2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T13:32:44.071Z"}}], "cna": {"title": "SQL Injection vulnerability in AVEVA Historian Server", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Maurizio Gatti from Accenture S.p.A reported this vulnerability to AVEVA."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AVEVA", "product": "Historian Web Server", "versions": [{"status": "affected", "version": "2023R2"}, {"status": "affected", "version": "2023", "lessThan": "2023 P03", "versionType": "custom"}, {"status": "affected", "version": "2020", "lessThan": "2020 R2 SP1 P01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates as soon as possible.\n\nAVEVA recommends Historian is upgraded by AVEVA System Platform media:\n\n  *  (Recommended) All affected versions can be fixed by upgrading to  AVEVA System Platform 2023 R2 P01 https://softwaresupportsp.aveva.com/#/producthub/details \n  *  (Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to  AVEVA System Platform 2023 P04 https://softwaresupportsp.aveva.com/#/producthub/details \n  *  (Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Please contact  AVEVA Global Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0for instructions on how to download and apply this security fix.\n\n\nAVEVA also recommends the following general defensive measures:\n\n  *  Establish procedures for Historian REST Interface users to verify the source of URLs shared with them is trusted before opening.\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ . If you discover errors or omissions in this advisory, please report the finding to Support.\n\nFor the latest AVEVA security information and security updates, please visit  AVEVA Security Central https://softwaresupportsp.aveva.com/#/securitycentral .\n\nAveva recommends users looking for general information regarding how to secure Industrial Control Systems reference the NIST Guide to Operational Technology (OT) Security,  NIST SP800-82r3 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf .\n\nFor more information, see  AVEVA's Security Bulletin AVEVA-2024-005. https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-005.pdf", "supportingMedia": [{"type": "text/html", "value": "<p>AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users with affected product versions should apply security updates as soon as possible.</p><p>AVEVA recommends Historian is upgraded by AVEVA System Platform media:</p><ul><li>(Recommended) All affected versions can be fixed by upgrading to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=f9477c62-1966-4020-8909-fa20f4ef2b2b\">AVEVA System Platform 2023 R2 P01</a></li><li>(Alternative 1) Historian 2023 through 2023 P03 can be fixed by upgrading to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=2a9cc3c1-be8a-4f61-8973-dadab079f9a7\">AVEVA System Platform 2023 P04</a></li><li>(Alternative 2) Historian 2020 R2 through 2020 R2 SP1 P01 can be fixed by first upgrading to AVEVA System Platform 2020 R2 SP1 P01 and then applying Hotfix 3190476. Please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\">AVEVA Global Customer Support</a>&nbsp;for instructions on how to download and apply this security fix.</li></ul><p>AVEVA also recommends the following general defensive measures:</p><ul><li>Establish procedures for Historian REST Interface users to verify the source of URLs shared with them is trusted before opening.</li></ul><p>For information on how to reach AVEVA support for your product, please refer to this link: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\">AVEVA Customer Support</a>. If you discover errors or omissions in this advisory, please report the finding to Support.</p><p>For the latest AVEVA security information and security updates, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/securitycentral\">AVEVA Security Central</a>.</p><p>Aveva recommends users looking for general information regarding how to secure Industrial Control Systems reference the NIST Guide to Operational Technology (OT) Security, <a target=\"_blank\" rel=\"nofollow\" href=\"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf\">NIST SP800-82r3</a>.</p><p>For more information, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-005.pdf\">AVEVA's Security Bulletin AVEVA-2024-005.</a></p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-10", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.", "supportingMedia": [{"type": "text/html", "value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-08-15T20:10:58.586Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6456", "state": "PUBLISHED", "dateUpdated": "2024-08-16T13:32:49.662Z", "dateReserved": "2024-07-02T18:09:17.280Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-08-15T20:10:58.586Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL."}, {"lang": "es", "value": " AVEVA Historian Server tiene una vulnerabilidad que, si se explota, podr\u00eda permitir que un comando SQL malicioso se ejecute bajo los privilegios de un usuario interactivo de la interfaz REST de Historian que hab\u00eda sido dise\u00f1ado socialmente por un malhechor para abrir una URL especialmente manipulada."}], "id": "CVE-2024-6456", "lastModified": "2024-08-19T13:00:23.117", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-08-15T21:15:18.047", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-10"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}