CVE-2022-0835
📋 TL;DR
AVEVA System Platform 2020 stores sensitive information in cleartext, allowing attackers or low-privileged users to access credentials and other confidential data. This affects organizations using AVEVA System Platform 2020 for industrial control systems.
💻 Affected Systems
- AVEVA System Platform
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to industrial control systems, potentially causing operational disruption, data theft, or safety incidents.
Likely Case
Unauthorized users access sensitive configuration data, credentials, or system information, leading to privilege escalation or further attacks.
If Mitigated
Limited exposure with proper access controls, but cleartext storage remains a persistent risk if systems are compromised.
🎯 Exploit Status
Exploitation requires some level of system access but is technically simple once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to latest version as specified in vendor advisory
Vendor Advisory: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf
Restart Required: Yes
Instructions:
1. Download the latest patch from the AVEVA support portal.
2. Back up the system configuration.
3. Apply the patch following vendor instructions.
4. Restart affected services.
5. Verify encryption of sensitive data.
🔧 Temporary Workarounds
Restrict File Access Permissions
Windows: Limit access to directories containing cleartext sensitive data to only necessary administrative accounts.
icacls "C:\ProgramData\AVEVA\SystemPlatform" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"
Implement File System Auditing
Windows: Enable auditing on sensitive directories to detect unauthorized access attempts.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
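The auditpol command only turns the subcategory on; Windows writes Event ID 4663 only for objects that also carry an audit rule (SACL). The following is an added example, not taken from the vendor advisory, that attaches such a rule to the directory named in the workaround above; the audited principal (Everyone) and the selected rights are assumptions to adjust for the site.

```powershell
# Added example: attach an audit rule (SACL) to the directory so that the
# "File System" audit subcategory produces Event ID 4663 for it.
# Run from an elevated PowerShell session.

# Path taken from the workaround on this page; adjust to the actual install.
$Path = 'C:\ProgramData\AVEVA\SystemPlatform'

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "Directory not found: $Path"
}

# Assumption: audit reads, writes, deletes and permission changes by any
# principal, for both successful and failed attempts. Narrow as needed.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete, ChangePermissions',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure'
)

# -Audit is required; without it Get-Acl does not load the SACL.
$acl = Get-Acl -LiteralPath $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Read the SACL back and confirm the rule is present and inherited downward.
(Get-Acl -LiteralPath $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags -AutoSize

# Confirm the audit policy subcategory from the workaround is enabled.
auditpol /get /subcategory:"File System"
```

Auditing ReadData on a busy directory can generate a high event volume, so size the Security log and SIEM ingestion accordingly.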
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all user accounts
- Deploy additional monitoring and alerting for access to sensitive data directories
🔍 How to Verify
Check if Vulnerable:
Check for cleartext storage in AVEVA System Platform configuration files and data directories for sensitive information like passwords or credentials.
Check Version:
Check AVEVA System Platform version through Control Panel > Programs and Features or using vendor-specific version check tools.
Verify Fix Applied:
Verify that sensitive data in AVEVA System Platform directories is encrypted or properly protected after patch application.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to AVEVA System Platform directories
- File access events on sensitive configuration files
Network Indicators:
- Unusual authentication patterns to AVEVA systems
- Data exfiltration from AVEVA servers
SIEM Query:
EventID=4663 AND ObjectName LIKE "%AVEVA%SystemPlatform%" AND Accesses="ReadData"
🔗 References
- https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02