Unauthenticated Arbitrary Command Execution in AVEVA Edge (formerly InduSoft Web Studio) R2020 and Prior

Unauthenticated Arbitrary Command Execution in AVEVA Edge (formerly InduSoft Web Studio) R2020 and Prior

CVE-2021-42796 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

Learn more about our Web App Pen Testing.