CNNVD-202511-1807 Information

CNNVD ID

CNNVD-202511-1807

Related CVE

CVE-2025-8386

• CNNVD Published: 2025-11-15

Description (Chinese)

AVEVA Application Server是英国AVEVA公司的一个工业自动化实时控制平台。 AVEVA Application Server存在安全漏洞，该漏洞源于IDE组件中的跨站脚本注入问题，可能导致权限提升。

Description (English)

AVEVA Application Server is an industrial automated real-time control platform for AVEVA. There is a security loophole in AVEVA Application Server, which stems from the cross-site script injection problem in the IDE component, which may lead to increased access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

剑维软件

Published

2025-11-15

Last Modified

2026-02-24

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02 https://access.redhat.com/security/cve/cve-2025-8386

Patch

https://docs.aveva.com/