Learn the impact of and mitigation steps for CVE-2022-0835, which affects AVEVA System Platform 2020. Upgrade to a fixed version and follow long-term security best practices.
CVE-2022-0835, also known as AVEVA System Platform Cleartext Storage of Sensitive Information in Memory, is a vulnerability that affects AVEVA System Platform 2020. This CVE was reported by security researchers Noam Moshe of Claroty and Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar to AVEVA.
Understanding CVE-2022-0835
This section will provide insights into what CVE-2022-0835 is, its impact, technical details, and mitigation steps.
What is CVE-2022-0835?
AVEVA System Platform 2020 has been found to store sensitive information in cleartext, potentially granting unauthorized access to an attacker or a low-privileged user.
The Impact of CVE-2022-0835
The vulnerability has a high severity level with a CVSS base score of 8.1 out of 10. It poses a significant risk to confidentiality, integrity, and availability due to the storage of sensitive data in cleartext.
Technical Details of CVE-2022-0835
Let's delve into the specific technical aspects of this vulnerability.
Vulnerability Description
CVE-2022-0835 involves the cleartext storage of sensitive information in memory within AVEVA System Platform 2020.
Affected Systems and Versions
The affected products include AVEVA System Platform versions 5.59 2020 R2 P01, 2020 R2S, and 2020.
Exploitation Mechanism
The vulnerability's attack complexity is categorized as low, with a local attack vector and low privileges required. User interaction is also deemed necessary for exploitation.
Mitigation and Prevention
To address CVE-2022-0835 and enhance system security, follow the recommendations outlined below.
Immediate Steps to Take
Users of affected versions are advised to upgrade to the following versions and apply the corresponding security updates:
Long-Term Security Practices
Incorporate robust security practices such as regular security assessments, monitoring, and user training to mitigate future risks.
Patching and Updates
Stay informed about security bulletins like AVEVA-2021-007 for additional information and updates regarding this vulnerability.