CNNVD-202601-2851 Information
CNNVD ID
CNNVD-202601-2851
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
AVEVA Process Optimization是英国AVEVA公司的一个实时过程优化软件。 AVEVA Process Optimization存在SQL注入漏洞,该漏洞源于经过身份验证的攻击者可能篡改Captive Historian中的查询并实现代码执行,可能导致SQL Server完全被破解。
Description (English)
AVEVA Production Optimization is a real-time process optimization software for AVEVA. AVEVA Access Optimization has an SQL-enhanced loophole, which stems from the possibility that the identified assailants may tamper with the Captive Historian queries and implement codes, which could lead to the complete breakdown of SQL Server.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
剑维软件
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
Patch
https://www.aveva.com/en/support-and-success/cyber-security-updates/
Share on: