Rewterz Threat Advisory – CVE-2020-1351 – AVEVA Enterprise Data Management Web SQL injection

Severity

Medium

Analysis Summary

AVEVA Enterprise Data Management Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Impact

Data Manipulation

Affected Vendors

AVEVA

Affected Products

AVEVA Enterprise Data Management Web

Remediation

AVEVA recommends users to upgrade to AVEVA Enterprise Data Management Web v2019 SP1.