OTPulse

AVEVA System Platform

Plan Patch | 8.1 | ICS-CERT ICSA-22-067-02 | Mar 8, 2022
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

A vulnerability in AVEVA System Platform 2020, 2020 R2, and 2020 R2 P01 allows an authorized local user with low privileges to extract cleartext credentials for network user accounts or logged-in users from the platform's memory. Credentials can be obtained either by reading process memory directly or by accessing diagnostic memory dumps saved to unprotected locations.

What this means
What could happen
An authorized user with low privileges could extract cleartext credentials for network accounts or other logged-in users from AVEVA System Platform memory, allowing lateral movement or privilege escalation within your network.
Who's at risk
Organizations running AVEVA System Platform 2020, 2020 R2, or 2020 R2 P01 are affected. This impacts manufacturing, power generation, water utilities, and other critical infrastructure facilities that use AVEVA for process control and monitoring. Engineering workstations and HMI servers running these versions should be prioritized.
How it could be exploited
An attacker with a low-privilege account on a machine running AVEVA System Platform can read the memory of the platform process or create a diagnostic dump file to extract cleartext credentials. If the dump file is saved to an unprotected location, an unauthorized user could access it and obtain credentials for network accounts or administrative users.
Prerequisites
  • Local access to a system running AVEVA System Platform
  • Low-privilege user account on the affected system
  • Ability to read process memory or create diagnostic memory dumps
  • Access to the location where diagnostic files are saved (for dump-based exploitation)
  • No authentication required for local exploitation
  • Low complexity to exploit
  • Affects credential confidentiality
  • Credentials can be extracted from memory or diagnostic files
  • Impacts all three affected versions equally
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
AVEVA System Platform: 2020 | 2020 | No fix yet
AVEVA System Platform: 2020 R2S | 2020 R2S | No fix yet
AVEVA System Platform: 2020 R2 P01 | 2020 R2 P01 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Restrict local login access to AVEVA System Platform servers using least-privilege principles; only authorized engineering and administrative staff should have accounts on these systems
WORKAROUND: Ensure diagnostic memory dumps are saved to protected locations with restricted file permissions, and delete old dump files regularly
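
One way to check the workaround above on a Windows host, as an added example (not from AVEVA or the advisory): this PowerShell script reports a dump folder and dump files that broad groups can read, and lists dumps older than a retention window. The folder path, the `.dmp`/`.mdmp` extensions and the 14-day window are assumptions to replace with your site's values.

```powershell
# Added example: audit a diagnostic dump folder for loose ACLs and stale dumps.
# $DumpDir, the extensions and $MaxAgeDays are assumptions; set them per site.
param(
    [string]$DumpDir = 'D:\PLACEHOLDER\DiagnosticDumps',  # placeholder path
    [int]$MaxAgeDays = 14                                  # assumed retention
)

# Well-known SIDs of broad groups that should not be able to read dumps.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# ReadData (0x1), plus GENERIC_READ and GENERIC_ALL as stored in some ACEs.
$readMask = 0x1 -bor 0x80000000 -bor 0x10000000

function Get-LooseAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Resolve each ACE to a SID so the check does not depend on OS language.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $canRead = ([int]$ace.FileSystemRights -band $readMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canRead -and
            $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $DumpDir -PathType Container)) {
    throw "Dump directory not found: $DumpDir"
}
$dumps = @(Get-ChildItem -LiteralPath $DumpDir -Recurse -File |
    Where-Object { $_.Extension -in '.dmp', '.mdmp' })

# ACL findings for the folder itself and for every dump file under it.
$paths = @($DumpDir) + @($dumps | ForEach-Object { $_.FullName })
$paths | ForEach-Object { Get-LooseAce -Path $_ } | Format-Table -AutoSize
# Dumps past retention are only listed; deletion stays a reviewed step.
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
$dumps | Where-Object { $_.LastWriteTime -lt $cutoff } |
    Format-Table FullName, LastWriteTime, Length -AutoSize
```

An empty first table means none of the three broad groups has an Allow entry granting read on the folder or its dumps; entries for other low-privilege principals still need a manual look.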
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update AVEVA System Platform 2020 R2 P01 to AVEVA System Platform 2020 R2 SP1
HOTFIX: Update AVEVA System Platform 2020 R2 to AVEVA System Platform 2020 R2 SP1
HOTFIX: Update AVEVA System Platform 2020 to AVEVA System Platform 2020 P01