// For flags

CVE-2023-33873

AVEVA Operations Control Logger Execution with Unnecessary Privileges

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios estándar escale a privilegios del sistema en la máquina donde están instalados estos productos, lo que resulta en un compromiso total de la máquina de destino.

*Credits: Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-06-13 CVE Reserved
  • 2023-11-15 CVE Published
  • 2023-12-09 EPSS Updated
  • 2024-11-21 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-250: Execution with Unnecessary Privileges
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Aveva
Search vendor "Aveva"
Batch Management
Search vendor "Aveva" for product "Batch Management"
< 2020
Search vendor "Aveva" for product "Batch Management" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Batch Management
Search vendor "Aveva" for product "Batch Management"
2020
Search vendor "Aveva" for product "Batch Management" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Batch Management
Search vendor "Aveva" for product "Batch Management"
2020
Search vendor "Aveva" for product "Batch Management" and version "2020"
sp1
Affected
Aveva
Search vendor "Aveva"
Communication Drivers
Search vendor "Aveva" for product "Communication Drivers"
< 2020
Search vendor "Aveva" for product "Communication Drivers" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Communication Drivers
Search vendor "Aveva" for product "Communication Drivers"
2020
Search vendor "Aveva" for product "Communication Drivers" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Communication Drivers
Search vendor "Aveva" for product "Communication Drivers"
2020
Search vendor "Aveva" for product "Communication Drivers" and version "2020"
r2
Affected
Aveva
Search vendor "Aveva"
Communication Drivers
Search vendor "Aveva" for product "Communication Drivers"
2020
Search vendor "Aveva" for product "Communication Drivers" and version "2020"
r2_p01
Affected
Aveva
Search vendor "Aveva"
Edge
Search vendor "Aveva" for product "Edge"
<= 20.1.101
Search vendor "Aveva" for product "Edge" and version " <= 20.1.101"
-
Affected
Aveva
Search vendor "Aveva"
Enterprise Licensing
Search vendor "Aveva" for product "Enterprise Licensing"
<= 3.7.002
Search vendor "Aveva" for product "Enterprise Licensing" and version " <= 3.7.002"
-
Affected
Aveva
Search vendor "Aveva"
Historian
Search vendor "Aveva" for product "Historian"
< 2020
Search vendor "Aveva" for product "Historian" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Historian
Search vendor "Aveva" for product "Historian"
2020
Search vendor "Aveva" for product "Historian" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Historian
Search vendor "Aveva" for product "Historian"
2020
Search vendor "Aveva" for product "Historian" and version "2020"
r2
Affected
Aveva
Search vendor "Aveva"
Historian
Search vendor "Aveva" for product "Historian"
2020
Search vendor "Aveva" for product "Historian" and version "2020"
r2_p01
Affected
Aveva
Search vendor "Aveva"
Intouch
Search vendor "Aveva" for product "Intouch"
< 2020
Search vendor "Aveva" for product "Intouch" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Intouch
Search vendor "Aveva" for product "Intouch"
2020
Search vendor "Aveva" for product "Intouch" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Intouch
Search vendor "Aveva" for product "Intouch"
2020
Search vendor "Aveva" for product "Intouch" and version "2020"
r2
Affected
Aveva
Search vendor "Aveva"
Intouch
Search vendor "Aveva" for product "Intouch"
2020
Search vendor "Aveva" for product "Intouch" and version "2020"
r2_p01
Affected
Aveva
Search vendor "Aveva"
Manufacturing Execution System
Search vendor "Aveva" for product "Manufacturing Execution System"
< 2020
Search vendor "Aveva" for product "Manufacturing Execution System" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Manufacturing Execution System
Search vendor "Aveva" for product "Manufacturing Execution System"
2020
Search vendor "Aveva" for product "Manufacturing Execution System" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Manufacturing Execution System
Search vendor "Aveva" for product "Manufacturing Execution System"
2020
Search vendor "Aveva" for product "Manufacturing Execution System" and version "2020"
p01
Affected
Aveva
Search vendor "Aveva"
Mobile Operator
Search vendor "Aveva" for product "Mobile Operator"
< 2020
Search vendor "Aveva" for product "Mobile Operator" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Mobile Operator
Search vendor "Aveva" for product "Mobile Operator"
2020
Search vendor "Aveva" for product "Mobile Operator" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Mobile Operator
Search vendor "Aveva" for product "Mobile Operator"
2020
Search vendor "Aveva" for product "Mobile Operator" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Mobile Operator
Search vendor "Aveva" for product "Mobile Operator"
2020
Search vendor "Aveva" for product "Mobile Operator" and version "2020"
r1
Affected
Aveva
Search vendor "Aveva"
Plant Scada
Search vendor "Aveva" for product "Plant Scada"
< 2020
Search vendor "Aveva" for product "Plant Scada" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Plant Scada
Search vendor "Aveva" for product "Plant Scada"
2020
Search vendor "Aveva" for product "Plant Scada" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Plant Scada
Search vendor "Aveva" for product "Plant Scada"
2020
Search vendor "Aveva" for product "Plant Scada" and version "2020"
r2
Affected
Aveva
Search vendor "Aveva"
Recipe Management
Search vendor "Aveva" for product "Recipe Management"
< 2020
Search vendor "Aveva" for product "Recipe Management" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Recipe Management
Search vendor "Aveva" for product "Recipe Management"
2020
Search vendor "Aveva" for product "Recipe Management" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Recipe Management
Search vendor "Aveva" for product "Recipe Management"
2020
Search vendor "Aveva" for product "Recipe Management" and version "2020"
update_1_patch_2
Affected
Aveva
Search vendor "Aveva"
System Platform
Search vendor "Aveva" for product "System Platform"
< 2020
Search vendor "Aveva" for product "System Platform" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
System Platform
Search vendor "Aveva" for product "System Platform"
2020
Search vendor "Aveva" for product "System Platform" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
System Platform
Search vendor "Aveva" for product "System Platform"
2020
Search vendor "Aveva" for product "System Platform" and version "2020"
r2
Affected
Aveva
Search vendor "Aveva"
System Platform
Search vendor "Aveva" for product "System Platform"
2020
Search vendor "Aveva" for product "System Platform" and version "2020"
r2_p01
Affected
Aveva
Search vendor "Aveva"
Telemetry Server
Search vendor "Aveva" for product "Telemetry Server"
2020r2
Search vendor "Aveva" for product "Telemetry Server" and version "2020r2"
-
Affected
Aveva
Search vendor "Aveva"
Telemetry Server
Search vendor "Aveva" for product "Telemetry Server"
2020r2
Search vendor "Aveva" for product "Telemetry Server" and version "2020r2"
sp1
Affected
Aveva
Search vendor "Aveva"
Work Tasks
Search vendor "Aveva" for product "Work Tasks"
< 2020
Search vendor "Aveva" for product "Work Tasks" and version " < 2020"
-
Affected
Aveva
Search vendor "Aveva"
Work Tasks
Search vendor "Aveva" for product "Work Tasks"
2020
Search vendor "Aveva" for product "Work Tasks" and version "2020"
-
Affected
Aveva
Search vendor "Aveva"
Work Tasks
Search vendor "Aveva" for product "Work Tasks"
2020
Search vendor "Aveva" for product "Work Tasks" and version "2020"
update_1
Affected
Aveva
Search vendor "Aveva"
Work Tasks
Search vendor "Aveva" for product "Work Tasks"
2020
Search vendor "Aveva" for product "Work Tasks" and version "2020"
update_2
Affected