Lucene search

[email protected]CVE-2023-33873

HistoryNov 15, 2023 - 5:15 p.m.

CVE-2023-33873

2023-11-1517:15:41

CWE-250

[email protected]

web.nvd.nist.gov

cve-2023-33873

privilege escalation

vulnerability

os authentication

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Affected configurations

NVD

Node

avevabatch_managementRange<2020

avevabatch_managementMatch2020-

avevabatch_managementMatch2020sp1

avevacommunication_driversRange<2020

avevacommunication_driversMatch2020-

avevacommunication_driversMatch2020r2

avevacommunication_driversMatch2020r2_p01

avevaedgeRange≤20.1.101

avevaenterprise_licensingRange≤3.7.002

avevahistorianRange<2020

avevahistorianMatch2020-

avevahistorianMatch2020r2

avevahistorianMatch2020r2_p01

avevaintouchRange<2020

avevaintouchMatch2020-

avevaintouchMatch2020r2

avevaintouchMatch2020r2_p01

avevamanufacturing_execution_systemRange<2020

avevamanufacturing_execution_systemMatch2020

avevamanufacturing_execution_systemMatch2020p01

avevamobile_operatorRange<2020

avevamobile_operatorMatch2020

avevamobile_operatorMatch2020-

avevamobile_operatorMatch2020r1

avevaplant_scadaRange<2020

avevaplant_scadaMatch2020-

avevaplant_scadaMatch2020r2

avevarecipe_managementRange<2020

avevarecipe_managementMatch2020-

avevarecipe_managementMatch2020update_1_patch_2

avevasystem_platformRange<2020

avevasystem_platformMatch2020-

avevasystem_platformMatch2020r2

avevasystem_platformMatch2020r2_p01

avevatelemetry_serverMatch2020r2-

avevatelemetry_serverMatch2020r2sp1

avevawork_tasksRange<2020

avevawork_tasksMatch2020-

avevawork_tasksMatch2020update_1

avevawork_tasksMatch2020update_2

CPENameOperatorVersion
aveva:batch_managementaveva batch managementlt2020
aveva:communication_driversaveva communication driverslt2020
aveva:edgeaveva edgele20.1.101
aveva:enterprise_licensingaveva enterprise licensingle3.7.002
aveva:historianaveva historianlt2020
aveva:intouchaveva intouchlt2020
aveva:manufacturing_execution_systemaveva manufacturing execution systemlt2020
aveva:mobile_operatoraveva mobile operatorlt2020
aveva:plant_scadaaveva plant scadalt2020
aveva:recipe_managementaveva recipe managementlt2020

CPE	Name	Operator	Version
aveva:batch_management	aveva batch management	lt	2020
aveva:communication_drivers	aveva communication drivers	lt	2020
aveva:edge	aveva edge	le	20.1.101
aveva:enterprise_licensing	aveva enterprise licensing	le	3.7.002
aveva:historian	aveva historian	lt	2020
aveva:intouch	aveva intouch	lt	2020
aveva:manufacturing_execution_system	aveva manufacturing execution system	lt	2020
aveva:mobile_operator	aveva mobile operator	lt	2020
aveva:plant_scada	aveva plant scada	lt	2020
aveva:recipe_management	aveva recipe management	lt	2020

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SystemPlatform",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Historian",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Application Server",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "InTouch",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise Licensing (formerly known as License Manager)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "3.7.002",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Manufacturing Execution System (formerly known as Wonderware MES)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Recipe Management",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Batch Management",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 SP1 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Edge (formerly known as Indusoft Web Studio)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Worktasks (formerly known as Workflow Management)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 U2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Plant SCADA (formerly known as Citect)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 Update 15",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Communication Drivers Pack",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Telemetry Server",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.aveva.com/en/support-and-success/cyber-security-updates/

www.cisa.gov/news-events/ics-advisories/icsa-23-318-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-33873

prion1 cvelist1 nvd1 ics1