This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
References
Link | Resource |
---|---|
https://www.aveva.com/en/support-and-success/cyber-security-updates/ | Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
08 Dec 2023, 17:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 - Third Party Advisory, US Government Resource | |
References | () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory | |
First Time |
Aveva intouch
Aveva recipe Management Aveva work Tasks Aveva mobile Operator Aveva manufacturing Execution System Aveva plant Scada Aveva edge Aveva batch Management Aveva system Platform Aveva telemetry Server Aveva communication Drivers Aveva enterprise Licensing Aveva Aveva historian |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:* cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other |
15 Nov 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-15 17:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-33873
Mitre link : CVE-2023-33873
CVE.ORG link : CVE-2023-33873
JSON object : View
Products Affected
aveva
- telemetry_server
- recipe_management
- edge
- work_tasks
- historian
- intouch
- plant_scada
- manufacturing_execution_system
- mobile_operator
- communication_drivers
- system_platform
- enterprise_licensing
- batch_management
CWE