Vulnerabilities > Aveva > System Platform > 2017
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-33873 | Unspecified vulnerability in Aveva products This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. | 7.8 |
| 2023-11-15 | CVE-2023-34982 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aveva products This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | 7.1 |
| 2022-04-04 | CVE-2021-32977 | Improper Verification of Cryptographic Signature vulnerability in Aveva System Platform 2017/2020 AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. | 7.2 |
| 2022-04-04 | CVE-2021-32981 | Path Traversal vulnerability in Aveva System Platform 2017/2020 AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | 7.2 |
| 2022-04-04 | CVE-2021-32985 | Origin Validation Error vulnerability in Aveva System Platform 2017/2020 AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. | 7.2 |
| 2022-04-04 | CVE-2021-33008 | Missing Authentication for Critical Function vulnerability in Aveva System Platform 2017/2020 AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. | 9.8 |
| 2022-04-04 | CVE-2021-33010 | Unspecified vulnerability in Aveva System Platform 2017/2020 An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | 7.5 |