CVE-2020-13499
24.09.2020, 15:15
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
| Vendor | Product | Version |
|---|---|---|
| aveva | edna_enterprise_data_historian | 3.0.1.2\/7.5.4989.33053 |
𝑥
= Vulnerable software versions