CVE-2023-34982

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.aveva.com/en/support-and-success/cyber-security-updates/	Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aveva:batch_management::::::::
	cpe:2.3:a:aveva:batch_management:2020:-::::::
	cpe:2.3:a:aveva:batch_management:2020:sp1::::::
	cpe:2.3:a:aveva:communication_drivers::::::::
	cpe:2.3:a:aveva:communication_drivers:2020:-::::::
	cpe:2.3:a:aveva:communication_drivers:2020:r2::::::
	cpe:2.3:a:aveva:communication_drivers:2020:r2_p01::::::
	cpe:2.3:a:aveva:edge::::::::
	cpe:2.3:a:aveva:enterprise_licensing::::::::
	cpe:2.3:a:aveva:historian::::::::
	cpe:2.3:a:aveva:historian:2020:-::::::
	cpe:2.3:a:aveva:historian:2020:r2::::::
	cpe:2.3:a:aveva:historian:2020:r2_p01::::::
	cpe:2.3:a:aveva:intouch::::::::
	cpe:2.3:a:aveva:intouch:2020:-::::::
	cpe:2.3:a:aveva:intouch:2020:r2::::::
	cpe:2.3:a:aveva:intouch:2020:r2_p01::::::
	cpe:2.3:a:aveva:manufacturing_execution_system::::::::
	cpe:2.3:a:aveva:manufacturing_execution_system:2020:::::::*
	cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01::::::
	cpe:2.3:a:aveva:mobile_operator::::::::
	cpe:2.3:a:aveva:mobile_operator:2020:::::::*
	cpe:2.3:a:aveva:mobile_operator:2020:-::::::
	cpe:2.3:a:aveva:mobile_operator:2020:r1::::::
	cpe:2.3:a:aveva:plant_scada::::::::
	cpe:2.3:a:aveva:plant_scada:2020:-::::::
	cpe:2.3:a:aveva:plant_scada:2020:r2::::::
	cpe:2.3:a:aveva:recipe_management::::::::
	cpe:2.3:a:aveva:recipe_management:2020:-::::::
	cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2::::::
	cpe:2.3:a:aveva:system_platform::::::::
	cpe:2.3:a:aveva:system_platform:2020:-::::::
	cpe:2.3:a:aveva:system_platform:2020:r2::::::
	cpe:2.3:a:aveva:system_platform:2020:r2_p01::::::
	cpe:2.3:a:aveva:telemetry_server:2020r2:-::::::
	cpe:2.3:a:aveva:telemetry_server:2020r2:sp1::::::
	cpe:2.3:a:aveva:work_tasks::::::::
	cpe:2.3:a:aveva:work_tasks:2020:-::::::
	cpe:2.3:a:aveva:work_tasks:2020:update_1::::::
	cpe:2.3:a:aveva:work_tasks:2020:update_2::::::

History

08 Dec 2023, 18:53

Type	Values Removed	Values Added
CWE		CWE-610
First Time		Aveva intouch Aveva recipe Management Aveva work Tasks Aveva mobile Operator Aveva manufacturing Execution System Aveva plant Scada Aveva edge Aveva batch Management Aveva system Platform Aveva telemetry Server Aveva communication Drivers Aveva enterprise Licensing Aveva Aveva historian
CPE		cpe:2.3:a:aveva:intouch:::::::: cpe:2.3:a:aveva:batch_management:2020:-:::::: cpe:2.3:a:aveva:plant_scada:::::::: cpe:2.3:a:aveva:historian:::::::: cpe:2.3:a:aveva:system_platform:2020:r2_p01:::::: cpe:2.3:a:aveva:manufacturing_execution_system:::::::: cpe:2.3:a:aveva:work_tasks:2020:update_1:::::: cpe:2.3:a:aveva:batch_management:2020:sp1:::::: cpe:2.3:a:aveva:work_tasks:::::::: cpe:2.3:a:aveva:recipe_management:2020:-:::::: cpe:2.3:a:aveva:manufacturing_execution_system:2020:::::::* cpe:2.3:a:aveva:work_tasks:2020:-:::::: cpe:2.3:a:aveva:historian:2020:r2:::::: cpe:2.3:a:aveva:mobile_operator:2020:::::::* cpe:2.3:a:aveva:system_platform:::::::: cpe:2.3:a:aveva:plant_scada:2020:r2:::::: cpe:2.3:a:aveva:telemetry_server:2020r2:-:::::: cpe:2.3:a:aveva:mobile_operator:::::::: cpe:2.3:a:aveva:system_platform:2020:-:::::: cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:::::: cpe:2.3:a:aveva:plant_scada:2020:-:::::: cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:::::: cpe:2.3:a:aveva:system_platform:2020:r2:::::: cpe:2.3:a:aveva:batch_management:::::::: cpe:2.3:a:aveva:intouch:2020:r2:::::: cpe:2.3:a:aveva:enterprise_licensing:::::::: cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:::::: cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:::::: cpe:2.3:a:aveva:communication_drivers:2020:r2:::::: cpe:2.3:a:aveva:intouch:2020:-:::::: cpe:2.3:a:aveva:historian:2020:-:::::: cpe:2.3:a:aveva:communication_drivers:::::::: cpe:2.3:a:aveva:historian:2020:r2_p01:::::: cpe:2.3:a:aveva:recipe_management:::::::: cpe:2.3:a:aveva:intouch:2020:r2_p01:::::: cpe:2.3:a:aveva:mobile_operator:2020:-:::::: cpe:2.3:a:aveva:work_tasks:2020:update_2:::::: cpe:2.3:a:aveva:mobile_operator:2020:r1:::::: cpe:2.3:a:aveva:edge:::::::: cpe:2.3:a:aveva:communication_drivers:2020:-::::::
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 - Third Party Advisory, US Government Resource
References	~~() https://www.aveva.com/en/support-and-success/cyber-security-updates/ -~~	() https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

15 Nov 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-15 17:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-34982

Mitre link : CVE-2023-34982

CVE.ORG link : CVE-2023-34982

JSON object : View

Products Affected

aveva

manufacturing_execution_system
historian
plant_scada
intouch
telemetry_server
system_platform
mobile_operator
communication_drivers
work_tasks
batch_management
recipe_management
edge
enterprise_licensing

CWE

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

CWE-73

External Control of File Name or Path

7.1 /10