CVE-2019-10981 AVEVA Security Advisory LFSEC00000136 (May 2019)

Preface: In the Ukraine hack, the utilities not only lost their visibility but also ceded control of their networks to remote attackers later linked to APT Group (Dec 2015).

About AVEVA : AVEVA Group plc is a British multinational information technology company headquartered in Cambridge, United Kingdom. It provides engineering and industrial software. Schneider Electric is now the largest shareholder with a 60% ownership interest.

Vulnerability details:

In Vijeo Citect 7.30 and 7.40 and CitectSCADA 7.30 and 7.40 versions, it could allow a malicious entity to obtain the Citect User Credentials because Citect User Credentials in memory are stored in clear text.
Remark: If the client deploy above solution and does not integrate workstation with internet function. The cyber security risk will be retained similar vendor opinion. It is a medium risk. Properly require adjust the rating if client workstation has internet web browsing function.

The official announcement is as follows: https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityAdvisory_LFSec136.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.