Vulnerabilities > CVE-2023-6132 - Unspecified vulnerability in Aveva Platform Common Services

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

aveva

NVD

Published: 2024-02-29

Updated: 2025-03-04

Summary

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva Platform Common Services 4.4.6 Aveva Platform Common Services 4.5.0 Aveva Platform Common Services 4.5.1 Aveva Platform Common Services 4.5.2 Aveva Batch Management 2020 Aveva Enterprise Data Management 2021 Aveva Manufacturing Execution System 2020 Aveva Mobile Operator 2020 Aveva System Platform 2020 Aveva Work Tasks 2020	13

References

https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03