CVE-2021-32959: AVEVA SuiteLink Server Buffer Overflow
First published: Thu Sep 23 2021(Updated: )
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aveva Suitelink | <3.2.002 |
Remedy
AVEVA recommends organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing. Please see AVEVA security bulletin AVEVA-2021-003 for more information.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32959?
CVE-2021-32959 is a heap-based buffer overflow vulnerability in the SuiteLink server while processing commands 0x05 and 0x06.
What is the severity of CVE-2021-32959?
CVE-2021-32959 has a severity rating of 9.8 (Critical).
Which software is affected by CVE-2021-32959?
Aveva Suitelink versions up to exclusive 3.2.002 are affected by CVE-2021-32959.
How does CVE-2021-32959 impact the affected software?
CVE-2021-32959 can lead to a heap-based buffer overflow in the SuiteLink server, resulting in potential remote code execution or denial of service.
Is there a fix available for CVE-2021-32959?
Yes, Aveva has released a security bulletin (SecurityBulletin_AVEVA-2021-003.pdf) with the necessary patches and mitigation steps to address CVE-2021-32959.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/title
- agent/weakness
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/aveva
- canonical/aveva suitelink