This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
References
Link | Resource |
---|---|
https://www.aveva.com/en/support-and-success/cyber-security-updates/ | Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
08 Dec 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-610 | |
First Time |
Aveva intouch
Aveva recipe Management Aveva work Tasks Aveva mobile Operator Aveva manufacturing Execution System Aveva plant Scada Aveva edge Aveva batch Management Aveva system Platform Aveva telemetry Server Aveva communication Drivers Aveva enterprise Licensing Aveva Aveva historian |
|
CPE | cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:* cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:* |
|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 - Third Party Advisory, US Government Resource | |
References | () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
15 Nov 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-15 17:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-34982
Mitre link : CVE-2023-34982
CVE.ORG link : CVE-2023-34982
JSON object : View
Products Affected
aveva
- manufacturing_execution_system
- historian
- plant_scada
- intouch
- telemetry_server
- system_platform
- mobile_operator
- communication_drivers
- work_tasks
- batch_management
- recipe_management
- edge
- enterprise_licensing