Vulnerabilities > CVE-2023-33873 - Unspecified vulnerability in Aveva products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

aveva

NVD

Published: 2023-11-15

Updated: 2023-12-08

Summary

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva System Platform 2020 Aveva System Platform 2017 Aveva Manufacturing Execution System 2020 Aveva Manufacturing Execution System * Aveva Mobile Operator 2020 Aveva Mobile Operator * Aveva Work Tasks 2020 Aveva Work Tasks * Aveva Telemetry Server 2020R2 Aveva Historian 2020 Aveva Historian * Aveva Intouch 2020 Aveva Intouch * Aveva Enterprise Licensing * Aveva Recipe Management * Aveva Recipe Management 2020 Aveva Batch Management 2020 Aveva Batch Management * Aveva Communication Drivers * Aveva Communication Drivers 2020 Aveva Plant Scada * Aveva Plant Scada 2020 Aveva Edge 8.1	43

Summary

Vulnerable Configurations

References