CVE-2022-0835

AVEVA System Platform Cleartext Storage of Sensitive Information in Memory

Description

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

Solution:

AVEVA recommends users of affected versions upgrade to one of the versions listed below and apply the corresponding security update: • AVEVA System Platform 2020 R2 P01 and AVEVA System Platform 2020 R2: update to AVEVA System Platform 2020 R2 SP1 • AVEVA System Platform 2020: update to AVEVA System Platform 2020 P01 For more information on this issue, including security updates, please see Security Bulletin AVEVA-2021-007

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02	third party advisory us government resource
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf	vendor advisory

What is the severity of CVE-2022-0835?: CVE-2022-0835 has been scored as a high severity vulnerability.
How to fix CVE-2022-0835?: To fix CVE-2022-0835: AVEVA recommends users of affected versions upgrade to one of the versions listed below and apply the corresponding security update: • AVEVA System Platform 2020 R2 P01 and AVEVA System Platform 2020 R2: update to AVEVA System Platform 2020 R2 SP1 • AVEVA System Platform 2020: update to AVEVA System Platform 2020 P01 For more information on this issue, including security updates, please see Security Bulletin AVEVA-2021-007
Is CVE-2022-0835 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-0835 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-0835?: CVE-2022-0835 affects AVEVA AVEVA System Platform.