CVE-2023-34982 – AVEVA Operations Control Logger External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-34982
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Esta vulnerabilidad de control externo, si se explota, podría permitir que un usuario local autenticado en el sistema operativo con privilegios estándar elimine archivos con privilegios de sistema en la máquina donde están instalados estos productos, lo que resultaría en una denegación de servicio. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-33873 – AVEVA Operations Control Logger Execution with Unnecessary Privileges
https://notcve.org/view.php?id=CVE-2023-33873
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios estándar escale a privilegios del sistema en la máquina donde están instalados estos productos, lo que resulta en un compromiso total de la máquina de destino. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-250: Execution with Unnecessary Privileges •
CVE-2016-9360
https://notcve.org/view.php?id=CVE-2016-9360
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. Se encontró un problema en General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 y versiones anteriores, Proficy HMI/SCADA CIMPLICITY Versión 9.0 y versiones anteriores y Proficy Historian Versión 6.0 y versiones anteriores. Un atacante puede recuperar contraseñas de usuario si tiene acceso a una sesión autenticada. • http://www.securityfocus.com/bid/95630 http://www.securitytracker.com/id/1037809 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A • CWE-522: Insufficiently Protected Credentials •