CWE: 312, 316

CVE-2021-32942

First published: Tue Jun 08 2021

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

Credit: ics-cert@hq.dhs.gov

Affected Software | Affected Version | How to fix
Aveva Intouch 2017 | =update3 |
Aveva Intouch 2020 | |
Aveva Intouch 2020 | =r2 |
AVEVA Software, LLC InTouch | 2020 R2 and all prior versions |

Remedy

AVEVA recommends organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users of InTouch 2020 R2 and all prior versions are affected and should first upgrade to one of the versions listed below, then apply the corresponding security update:

  • InTouch 2020 R2: Update to InTouch 2020 R2 P01
  • InTouch 2020: Update to Security Update 1216934
  • InTouch 2017 U3 SP1 P01: Update to Security Update 1216933


Frequently Asked Questions

  • What is CVE-2021-32942?

    CVE-2021-32942 is a vulnerability in AVEVA InTouch Runtime 2020 R2 and prior versions that could expose cleartext credentials if a privileged user creates a diagnostic memory dump and saves it to a non-protected location.

  • How does CVE-2021-32942 affect AVEVA InTouch?

    CVE-2021-32942 affects AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) of the software.

  • How severe is CVE-2021-32942?

    CVE-2021-32942 has a severity rating of 5.5 (Medium).

  • What is the Common Weakness Enumeration (CWE) ID for CVE-2021-32942?

    CVE-2021-32942 is associated with CWE-312 and CWE-316.

  • How can I protect against CVE-2021-32942?

    To protect against CVE-2021-32942, it is recommended to update to the latest version of AVEVA InTouch Runtime or follow the mitigation steps provided by the software vendor.
