SQL Injection in Aveva Historian Web Server
CVE-2024-6456
AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a sp…
Vulnerability class: SQL Injection
EPSS: 0.004 (33.9th percentile) — read the EPSS interpretation.
Affected products
- Aveva Historian Web Server — versions 2023R2, 2023, 2020
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (government-resource)