This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 | Third Party Advisory US Government Resource |
| https://www.aveva.com/en/support-and-success/cyber-security-updates/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Dec 2023, 18:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 - Third Party Advisory, US Government Resource | |
| References | () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| CWE | CWE-610 | |
| CPE | cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:* cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:* cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:* |
|
| First Time |
Aveva edge
Aveva work Tasks Aveva batch Management Aveva plant Scada Aveva mobile Operator Aveva enterprise Licensing Aveva intouch Aveva recipe Management Aveva historian Aveva communication Drivers Aveva system Platform Aveva telemetry Server Aveva manufacturing Execution System Aveva |
15 Nov 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-15 17:15
Updated : 2023-12-08 18:53
NVD link : CVE-2023-34982
Mitre link : CVE-2023-34982
JSON object : View
Products Affected
aveva
- communication_drivers
- intouch
- edge
- work_tasks
- telemetry_server
- manufacturing_execution_system
- system_platform
- batch_management
- mobile_operator
- historian
- plant_scada
- enterprise_licensing
- recipe_management
CWE
CWE-610
Externally Controlled Reference to a Resource in Another Sphere