AVEVA Adapter for BACnet Module
- Last UpdatedFeb 20, 2025
- 3 minute read
- PI System
- Adapter for BACnet 1.2
- Adapters
AVEVA Adapter for BACnet Module: 1.2.0.158
AVEVA Adapter for BACnet: 1.2.0.158
Adapter Framework: 1.8.1.62
Edge Module Manager: 1.1.1.19
Alpine Linux: 3.18.4
Overview
AVEVA Adapter for BACnet Module is the containerized version of the adapter that can be deployed using Edge Management on AVEVA Connect. It offers the same capabilities as the adapter that is available for installation directly on the device.
To review the adapter's capabilities as well as enhancements and fixes, see Release notes.
Fixes and enhancements
This updated release contains adapter framework updates.
Fixes
The following issues were resolved in this release:
None
Enhancements
The following enhancements are added in this release:
-
Support for client-level failover for AVEVA Adapter for BACnet Module
Known issues
There are no known issues at this time.
System requirements
See the System requirements.
Installation and upgrade
See AVEVA Edge Management Deployment for additional information.
Uninstall the adapter
See Uninstall the adapter for more information.
Security information and guidance
We are committed to releasing secure products. This section is intended to provide relevant security-related information to guide your installation or upgrade decision.
We proactively disclose aggregate information about the number and severity of security vulnerabilities addressed in each release. The tables below provide an overview of security issues addressed and their relative severity based on standard scoring.
No security-related information is applicable to this release.
Overview of new vulnerabilities found or fixed
This section is intended to provide relevant security-related information to guide your installation or upgrade decision. AVEVA is proactively disclosing aggregate information about the number and severity of AVEVA Adapter for BACnet Module security vulnerabilities that are fixed in this release.
Security vulnerabilities fixed in AVEVA Adapter for BACnet Edge Module 1.2 release
This is the first release of the AVEVA Adapter for BACnet Edge Module. The information below applies to vulnerabilities fixed in the AVEVA Adapter for BACnet, which is included in this release.
|
Severity Category |
CVSS Base Score Range |
Number of Fixed Vulnerabilities |
|---|---|---|
|
Critical |
9 - 10 |
0 |
|
High |
7.0 - 8.9 |
1 |
|
Medium |
4.0 - 6.9 |
0 |
|
Low |
0 - 3.9 |
0 |
Vulnerability Mitigations in AVEVA Adapter for BACnet Edge Module 1.2 Release
The following vulnerabilities were identified in AVEVA Adapter for BACnet Edge Module 1.2 Release.
|
Component |
Version |
CVE or Reference |
CVSS |
Mitigation |
|---|---|---|---|---|
|
zlib |
1.2.13 |
CVE-2023-45853 (https://nvd.nist.gov/vuln/detail/CVE-2023-45853) |
9.8 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module's utilization of zlib through the .NET 6 Framework does not expose this vulnerability. |
|
OpenSSL |
3.1.4 |
CVE-2023-6129 (https://nvd.nist.gov/vuln/detail/CVE-2023-6129) |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
OpenSSL |
3.1.4 |
CVE-2024-0727 (https://nvd.nist.gov/vuln/detail/CVE-2024-0727) |
5.5 |
Vulnerability is not reachable: This vulnerability relies on application loading malformed PKCS12 file from disk since edge module's file system can be accessed only by administrators this is considered as low risk. |
|
OpenSSL |
3.1.4 |
BDSA-2024-0082 |
5.5 |
Vulnerability is not applicable: This vulnerability is not exposed by the use of OpenSSL in AVEVA Adapter for BACnet Module. |
|
krb5 |
1.20.1 |
CVE-2023-36054 (https://nvd.nist.gov/vuln/detail/CVE-2023-36054) |
6.5 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42363 (https://nvd.nist.gov/vuln/detail/CVE-2023-42363) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42364 (https://nvd.nist.gov/vuln/detail/CVE-2023-42364) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42365 (https://nvd.nist.gov/vuln/detail/CVE-2023-42365) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2023-42366 (https://nvd.nist.gov/vuln/detail/CVE-2023-42366) |
6.1 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
busybox |
1.36.1 |
CVE-2022-48174 (https://nvd.nist.gov/vuln/detail/CVE-2022-48174) |
6.7 |
Vulnerability is not applicable: The AVEVA Adapter for BACnet Module is not affected by this vulnerability. |
|
JSON Web Token Handler For the Microsoft .Net Framework 4.5 |
5.6.0 |
CVE-2024-21319 (https://nvd.nist.gov/vuln/detail/CVE-2024-21319) |
6.8 |
Microsoft has provided the following explanation: "The attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation." https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319 Edge Module authentication occurs server-side and does not expose the public encryption key to a client. |
|
azure-activedirectory-identitymodel-extensions-for-dotnet |
5.6.0 |
CVE-2024-21319 (https://nvd.nist.gov/vuln/detail/CVE-2024-21319) |
6.8 |
Microsoft provided the following explanation: "The attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation." https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319 Edge Module authentication occurs server-side and does not expose the public encryption key to a client. |
Technical support and feedback
See Technical support and feedback for additional information.