Aveva Security Vulnerabilities (CVEs)
Track 16 security vulnerabilities affecting Aveva products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows authenticated standard users to trick Process Optimization services into loading arbitrary code, leading to privilege escala...
Jan 16, 2026The Process Optimization application suite uses unencrypted communication channels by default, allowing attackers to intercept, modify, or steal sensi...
Jan 16, 2026This vulnerability allows authenticated Process Optimization Designer users to embed OLE objects into graphics, which can escalate their privileges to...
Jan 16, 2026This vulnerability allows unauthenticated attackers to remotely crash the PI Message Subsystem in AVEVA PI Server, causing denial-of-service. It affec...
Jan 18, 2024This vulnerability allows unauthenticated attackers to execute arbitrary commands on AVEVA Edge systems. It affects all versions R2020 and prior, pote...
Dec 16, 2023CVE-2022-28685 is a remote code execution vulnerability in AVEVA Edge 2020 SP2 Patch 0 (version 4201.2111.1802.0000) that allows attackers to execute ...
Mar 29, 2023This vulnerability allows remote attackers to execute arbitrary code on AVEVA Edge 2020 installations by tricking users into opening malicious APP fil...
Mar 29, 2023This XXE vulnerability in AVEVA Edge 2020 allows attackers to read sensitive files from the system when users open malicious documents. Attackers can ...
Mar 29, 2023This vulnerability allows attackers to perform DLL hijacking in AVEVA PCS Portal by placing malicious DLLs in locations the software searches. It affe...
Jul 27, 2022This vulnerability allows attackers to escape from AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications to execute OS commands v...
May 23, 2022AVEVA System Platform 2020 stores sensitive information in cleartext, allowing attackers or low-privileged users to access credentials and other confi...
Apr 11, 2022CVE-2021-33008 is an authentication bypass vulnerability in AVEVA System Platform versions 2017 through 2020 R2 P01. It allows unauthenticated attacke...
Apr 4, 2022AVEVA System Platform versions 2017 through 2020 R2 P01 fail to properly verify cryptographic signatures for data, allowing attackers to bypass authen...
Apr 4, 2022This vulnerability is a heap-based buffer overflow in the SuiteLink server when processing commands 0x05/0x06. It allows remote attackers to execute a...
Sep 23, 2021A null pointer dereference vulnerability in the SuiteLink server allows attackers to cause denial of service by sending a specially crafted command 0x...
Sep 23, 2021A null pointer dereference vulnerability in the SuiteLink server allows attackers to crash the service by sending a specially crafted command 0x0b. Th...
Sep 23, 2021Why Monitor Aveva Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 16+ known vulnerabilities affecting Aveva products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Aveva packages in under 60 seconds. No agents required - completely agentless scanning that works across Aveva deployments.
Free vulnerability database: Access detailed information about every Aveva CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Aveva CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
