CVE-2024-6456

Severity CVSS v4.0:

Pending analysis

Type:

CWE-89 SQL Injection

Publication date:

15/08/2024

Last modified:

19/08/2024

Description

AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.

Impact

References to Advisories, Solutions, and Tools

https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-10