CVE-2023-33873
AVEVA Operations Control Logger Execution with Unnecessary Privileges
Severity Score: 7.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
*Credits:
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
Timeline
- 2023-06-13 CVE Reserved
- 2023-11-15 CVE Published
- 2023-12-09 EPSS Updated
- 2024-08-02 CVE Updated
CWE
- CWE-250: Execution with Unnecessary Privileges
References (2)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.aveva.com/en/support-and-success/cyber-security-updates | 2023-12-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Aveva | Batch Management | < 2020 | - | Affected |
Aveva | Batch Management | 2020 | - | Affected |
Aveva | Batch Management | 2020 | sp1 | Affected |
Aveva | Communication Drivers | < 2020 | - | Affected |
Aveva | Communication Drivers | 2020 | - | Affected |
Aveva | Communication Drivers | 2020 | r2 | Affected |
Aveva | Communication Drivers | 2020 | r2_p01 | Affected |
Aveva | Edge | <= 20.1.101 | - | Affected |
Aveva | Enterprise Licensing | <= 3.7.002 | - | Affected |
Aveva | Historian | < 2020 | - | Affected |
Aveva | Historian | 2020 | - | Affected |
Aveva | Historian | 2020 | r2 | Affected |
Aveva | Historian | 2020 | r2_p01 | Affected |
Aveva | Intouch | < 2020 | - | Affected |
Aveva | Intouch | 2020 | - | Affected |
Aveva | Intouch | 2020 | r2 | Affected |
Aveva | Intouch | 2020 | r2_p01 | Affected |
Aveva | Manufacturing Execution System | < 2020 | - | Affected |
Aveva | Manufacturing Execution System | 2020 | - | Affected |
Aveva | Manufacturing Execution System | 2020 | p01 | Affected |
Aveva | Mobile Operator | < 2020 | - | Affected |
Aveva | Mobile Operator | 2020 | - | Affected |
Aveva | Mobile Operator | 2020 | r1 | Affected |
Aveva | Plant Scada | < 2020 | - | Affected |
Aveva | Plant Scada | 2020 | - | Affected |
Aveva | Plant Scada | 2020 | r2 | Affected |
Aveva | Recipe Management | < 2020 | - | Affected |
Aveva | Recipe Management | 2020 | - | Affected |
Aveva | Recipe Management | 2020 | update_1_patch_2 | Affected |
Aveva | System Platform | < 2020 | - | Affected |
Aveva | System Platform | 2020 | - | Affected |
Aveva | System Platform | 2020 | r2 | Affected |
Aveva | System Platform | 2020 | r2_p01 | Affected |
Aveva | Telemetry Server | 2020r2 | - | Affected |
Aveva | Telemetry Server | 2020r2 | sp1 | Affected |
Aveva | Work Tasks | < 2020 | - | Affected |
Aveva | Work Tasks | 2020 | - | Affected |
Aveva | Work Tasks | 2020 | update_1 | Affected |
Aveva | Work Tasks | 2020 | update_2 | Affected |