CVE-2023-1256 — CRITICAL (9.8)

Vulnerability Description

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aveva	Aveva Plant Scada	2020r2
Aveva	Telemetry Server	2020r2

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04Third Party AdvisoryUS Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-1256?

CVE-2023-1256 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of...

How severe is CVE-2023-1256?

CVE-2023-1256 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-1256?

Check the references section above for vendor advisories and patch information. Affected products include: Aveva Aveva Plant Scada, Aveva Telemetry Server.