Preface: In the Ukraine hack, the utilities not only lost their visibility but also ceded control of their networks to remote attackers later linked to APT Group (Dec 2015).
About AVEVA : AVEVA Group plc is a British multinational information technology company headquartered in Cambridge, United Kingdom. It provides engineering and industrial software. Schneider Electric is now the largest shareholder with a 60% ownership interest.
Vulnerability details:
In Vijeo Citect 7.30 and 7.40 and CitectSCADA 7.30 and 7.40 versions, it could allow a malicious entity to obtain the Citect User Credentials because Citect User Credentials in memory are stored in clear text.
Remark: If the client deploy above solution and does not integrate workstation with internet function. The cyber security risk will be retained similar vendor opinion. It is a medium risk. Properly require adjust the rating if client workstation has internet web browsing function.
The official announcement is as follows: https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityAdvisory_LFSec136.pdf