CVE-2023-6132: AVEVA Edge products Uncontrolled Search Path Element
First published: Thu Feb 29 2024(Updated: )
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVEVA Edge 2020 R2 SP1 | ||
| All of | ||
| Any of | ||
| =4.4.6 | ||
| =4.5.0 | ||
| =4.5.1 | ||
| =4.5.2 | ||
| Any of | ||
| =2020 | ||
| =2021 | ||
| =2020 | ||
| =2020 | ||
| =2020 | ||
| =2020-r2 | ||
| =2020-r2_p01 | ||
| =2020 | ||
| =2020-update_1 |
Remedy
AVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website: AVEVA Edge 2023 https://softwaresupportsp.aveva.com/#/producthub/details , AVEVA Edge 2020 R2 SP2 P01 https://softwaresupportsp.aveva.com/#/producthub/details . * Note: Log-in is required. For additional information, please refer to AVEVA's security advisory AVEVA-2024-002. https://www.aveva.com/en/support-and-success/cyber-security-updates/
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6132?
CVE-2023-6132 is classified as a critical vulnerability due to its potential for arbitrary code execution and privilege escalation.
How do I fix CVE-2023-6132?
To mitigate CVE-2023-6132, users should update to the latest version of AVEVA Edge that addresses this vulnerability.
What type of attack does CVE-2023-6132 enable?
CVE-2023-6132 enables a malicious entity to execute arbitrary code and potentially escalate privileges on affected systems.
Which software is impacted by CVE-2023-6132?
CVE-2023-6132 affects the AVEVA Edge software, which is used in various industrial control systems.
Can CVE-2023-6132 lead to system compromise?
Yes, if exploited, CVE-2023-6132 can lead to a complete system compromise through unauthorized code execution.
- agent/remedy
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/aveva
- canonical/aveva edge 2020 r2 sp1
- canonical/aveva platform common services
- version/aveva platform common services/4.4.6
- version/aveva platform common services/4.5.0
- version/aveva platform common services/4.5.1
- version/aveva platform common services/4.5.2
- canonical/aveva batch management
- version/aveva batch management/2020
- canonical/aveva enterprise data management
- version/aveva enterprise data management/2021
- canonical/aveva manufacturing execution system
- version/aveva manufacturing execution system/2020
- canonical/aveva mobile operator
- version/aveva mobile operator/2020
- canonical/aveva system platform 2020 r2 p01
- version/aveva system platform 2020 r2 p01/2020
- version/aveva system platform 2020 r2 p01/2020-r2
- version/aveva system platform 2020 r2 p01/2020-r2_p01
- canonical/aveva worktasks
- version/aveva worktasks/2020
- version/aveva worktasks/2020-update_1