CNNVD-202506-1709 Information
CNNVD ID
CNNVD-202506-1709
Related CVE
- CNNVD Published: 2025-06-12
Description (Chinese)
AVEVA PI Connector for CygNet是英国AVEVA公司的一个提供从CygNet SCADA系统到PI系统的单向数据传输的工具。 AVEVA PI Connector for CygNet 1.6.14及之前版本存在跨站脚本漏洞,该漏洞源于允许管理员持久化任意JavaScript代码,可能导致跨站脚本攻击。
Description (English)
AVEVA PI Contractor for CygNet is a one-way data transfer from the CygNet SCADA system to the PI system by the British company AVEVA. AVEVA PI Contractor for CygNet 1.6.14 and earlier versions had a cross-site script loophole, which stemmed from allowing managers to perpetuate any JavaScript code that could lead to a cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
剑维软件
Published
2025-06-12
Last Modified
2026-02-24
References
https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09 https://access.redhat.com/security/cve/cve-2025-4417
Patch
https://www.aveva.com/en/support-and-success/cyber-security-updates/
Share on: