CVE-2022-28687 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2022-28687?

CVE-2022-28687 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code on AVEVA Edge 2020 installations by tricking users into opening malicious APP files. The flaw exists in how the software loads libraries from unsecured locations, enabling code execution in the current process context. Only users running the specific affected version are vulnerable.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on AVEVA Edge 2020 installations by tricking users into opening malicious APP files. The flaw exists in how the software loads libraries from unsecured locations, enabling code execution in the current process context. Only users running the specific affected version are vulnerable.

💻 Affected Systems

Products:

AVEVA Edge 2020

Versions: SP2 Patch 0 (4201.2111.1802.0000)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only this specific build version is confirmed affected. Other versions may also be vulnerable but not explicitly listed.

📦 What is this software?

Aveva Edge by Aveva

View all CVEs affecting Aveva Edge →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Attacker gains control of the AVEVA Edge process, allowing them to execute commands, access system resources, and potentially escalate privileges.

🟢

If Mitigated

Limited impact with proper application whitelisting, network segmentation, and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web or email.

🏢 Internal Only: HIGH - Internal users could be targeted via phishing or malicious files on network shares.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user interaction but is technically straightforward once malicious file is executed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version beyond 4201.2111.1802.0000

Vendor Advisory: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf

Restart Required: Yes

Instructions:

1. Download latest AVEVA Edge update from official vendor portal. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart system and verify version.

🔧 Temporary Workarounds

Restrict APP file execution

windows

Block execution of APP files via application control or group policy

Using Windows AppLocker: New-AppLockerPolicy -RuleType Path -Action Deny -Path "*.app" -Name "Block APP files"

Remove vulnerable version

windows

Uninstall affected version if not required for operations

Control Panel > Programs > Uninstall AVEVA Edge 2020

🧯 If You Can't Patch

Implement strict application whitelisting to prevent unauthorized executables
Train users to never open APP files from untrusted sources and disable automatic file associations

🔍 How to Verify

Check if Vulnerable:

Check AVEVA Edge version in Help > About. If version is exactly 4201.2111.1802.0000, system is vulnerable.

Check Version:

Check Help > About in AVEVA Edge application interface

Verify Fix Applied:

Verify version has changed from 4201.2111.1802.0000 after update installation.

📡 Detection & Monitoring

Log Indicators:

Process creation events from AVEVA Edge loading unexpected DLLs
APP file execution in process logs

Network Indicators:

Unexpected outbound connections from AVEVA Edge process
Downloads of APP files from external sources

SIEM Query:

ProcessName="AVEVA Edge" AND (FileName="*.app" OR CommandLine CONTAINS ".app")

📊 Metadata

CVE ID: CVE-2022-28687

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-427

Published: March 29, 2023

Last Updated: February 18, 2025

🔗 References

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1126/ Third Party Advisory,VDB Entry
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1126/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-28687, you might also want to check these: