CVE-2023-33873: AVEVA Operations Control Logger Execution with Unnecessary Privileges
First published: Wed Nov 15 2023(Updated: )
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aveva Batch Management | <2020 | |
| Aveva Batch Management | =2020 | |
| Aveva Batch Management | =2020-sp1 | |
| Aveva Communication Drivers | <2020 | |
| Aveva Communication Drivers | =2020 | |
| Aveva Communication Drivers | =2020-r2 | |
| Aveva Communication Drivers | =2020-r2_p01 | |
| AVEVA Edge | <=20.1.101 | |
| Aveva Enterprise Licensing | <=3.7.002 | |
| Aveva Historian | <2020 | |
| Aveva Historian | =2020 | |
| Aveva Historian | =2020-r2 | |
| Aveva Historian | =2020-r2_p01 | |
| Aveva Intouch | <2020 | |
| Aveva Intouch | =2020 | |
| Aveva Intouch | =2020-r2 | |
| Aveva Intouch | =2020-r2_p01 | |
| Aveva Manufacturing Execution System | <2020 | |
| Aveva Manufacturing Execution System | =2020 | |
| Aveva Manufacturing Execution System | =2020-p01 | |
| Aveva Mobile Operator | <2020 | |
| Aveva Mobile Operator | =2020 | |
| Aveva Mobile Operator | =2020 | |
| Aveva Mobile Operator | =2020-r1 | |
| Aveva Plant Scada | <2020 | |
| Aveva Plant Scada | =2020 | |
| Aveva Plant Scada | =2020-r2 | |
| Aveva Recipe Management | <2020 | |
| Aveva Recipe Management | =2020 | |
| Aveva Recipe Management | =2020-update_1_patch_2 | |
| AVEVA System Platform | <2020 | |
| AVEVA System Platform | =2020 | |
| AVEVA System Platform | =2020-r2 | |
| AVEVA System Platform | =2020-r2_p01 | |
| AVEVA Telemetry Server | =2020r2 | |
| AVEVA Telemetry Server | =2020r2-sp1 | |
| Aveva Work Tasks | <2020 | |
| Aveva Work Tasks | =2020 | |
| Aveva Work Tasks | =2020-update_1 | |
| Aveva Work Tasks | =2020-update_2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- collector/nvd-api
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/aveva
- canonical/aveva batch management
- version/aveva batch management/2020
- version/aveva batch management/2020-sp1
- canonical/aveva communication drivers
- version/aveva communication drivers/2020
- version/aveva communication drivers/2020-r2
- version/aveva communication drivers/2020-r2_p01
- canonical/aveva edge
- version/aveva edge/20.1.101
- canonical/aveva enterprise licensing
- version/aveva enterprise licensing/3.7.002
- canonical/aveva historian
- version/aveva historian/2020
- version/aveva historian/2020-r2
- version/aveva historian/2020-r2_p01
- canonical/aveva intouch
- version/aveva intouch/2020
- version/aveva intouch/2020-r2
- version/aveva intouch/2020-r2_p01
- canonical/aveva manufacturing execution system
- version/aveva manufacturing execution system/2020
- version/aveva manufacturing execution system/2020-p01
- canonical/aveva mobile operator
- version/aveva mobile operator/2020
- version/aveva mobile operator/2020-r1
- canonical/aveva plant scada
- version/aveva plant scada/2020
- version/aveva plant scada/2020-r2
- canonical/aveva recipe management
- version/aveva recipe management/2020
- version/aveva recipe management/2020-update_1_patch_2
- canonical/aveva system platform
- version/aveva system platform/2020
- version/aveva system platform/2020-r2
- version/aveva system platform/2020-r2_p01
- canonical/aveva telemetry server
- version/aveva telemetry server/2020r2
- version/aveva telemetry server/2020r2-sp1
- canonical/aveva work tasks
- version/aveva work tasks/2020
- version/aveva work tasks/2020-update_1
- version/aveva work tasks/2020-update_2