Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Aveva — Vulnerabilities & Security Advisories 46

Browse all 46 CVE security advisories affecting Aveva. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AVEVA provides industrial software solutions, primarily focusing on process simulation, asset performance management, and engineering design for sectors like oil and gas, chemicals, and pharmaceuticals. Its platform integrates complex operational technology with enterprise information systems, creating a broad attack surface for cyber threats. Historical vulnerability assessments reveal a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from legacy components or improper input validation within its web-based interfaces. While no catastrophic public breaches have been widely attributed solely to AVEVA software, the high volume of recorded CVEs indicates persistent security hygiene challenges. These defects frequently allow unauthenticated attackers to gain unauthorized access or disrupt critical industrial operations, underscoring the necessity for rigorous patch management and network segmentation in environments utilizing these industrial control systems.

Top products by Aveva: Process Optimization Edge AVEVA System Platform PI Integrator PI Data Archive PI Server PI Connector for CygNet PI Web API PI Asset Framework Client Pipeline Simulation 2025 PI to CONNECT Agent PI Data Archive PI Server Application Server Historian Web Server SuiteLink Server AVEVA Vijeo Citect and CitectSCADA AVEVA Edge AVEVA Plant SCADA InTouch Access Anywhere AVEVA InTouch Access Anywhere Platform Common Services (PCS) Portal InTouch Wonderware System Platform Vijeo Citect and Citect SCADA
CVE IDTitleCVSSSeverityPublished
CVE-2022-28686 AVEVA Edge 代码问题漏洞 — EdgeCWE-427 7.8 -2023-03-29
CVE-2022-28685 AVEVA Edge 代码问题漏洞 — EdgeCWE-502 7.8 -2023-03-29
CVE-2023-1256 CVE-2023-1256 — AVEVA Plant SCADA 9.8 Critical2023-03-16
CVE-2022-23854 AVEVA InTouch Access Anywhere Secure Gateway 路径遍历漏洞 — InTouch Access AnywhereCWE-23 7.5 High2022-12-23
CVE-2021-38410 AVEVA PCS Portal Uncontrolled Search Path Element — Platform Common Services (PCS) Portal 7.3 High2022-07-27
CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere — AVEVA InTouch Access AnywhereCWE-668 7.4 High2022-05-23
CVE-2022-0835 AVEVA System Platform Cleartext Storage of Sensitive Information in Memory — AVEVA System PlatformCWE-316 8.1 High2022-04-11
CVE-2021-33008 AVEVA System Platform Missing Authentication for Critical Function — AVEVA System PlatformCWE-306 8.8 High2022-04-04
CVE-2021-32981 AVEVA System Platform Path Traversal — AVEVA System PlatformCWE-22 7.2 High2022-04-04
CVE-2021-32985 AVEVA System Platform Origin Validation Error — AVEVA System PlatformCWE-346 7.2 High2022-04-04
CVE-2021-33010 AVEVA System Platform Uncaught Exception — AVEVA System PlatformCWE-248 7.5 High2022-04-04
CVE-2021-32977 AVEVA System Platform Improper Verification of Cryptographic Signature — AVEVA System PlatformCWE-347 7.2 High2022-04-04
CVE-2021-32942 InTouch 信息泄露漏洞 — InTouchCWE-316 6.6 Medium2021-06-09
CVE-2019-13537 多款Schneider Electric产品 IEC870IP driver 缓冲区错误漏洞 — Vijeo Citect and Citect SCADACWE-121 7.5 -2020-01-14
CVE-2019-10981 Schneider Electric AVEVA Vijeo Citect和Schneider Electric AVEVA CitectSCADA 信任管理问题漏洞 — AVEVA Vijeo Citect and CitectSCADACWE-522 7.8 -2019-05-31
CVE-2019-6525 AVEVA Wonderware System Platform 信任管理问题漏洞 — Wonderware System PlatformCWE-522 8.8 -2019-04-11

This page lists every published CVE security advisory associated with Aveva. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.