Vulnerability Description
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Batch Management | < 2020 |
| Aveva | Communication Drivers | < 2020 |
| Aveva | Edge | <= 20.1.101 |
| Aveva | Enterprise Licensing | <= 3.7.002 |
| Aveva | Historian | < 2020 |
| Aveva | Intouch | < 2020 |
| Aveva | Manufacturing Execution System | < 2020 |
| Aveva | Mobile Operator | < 2020 |
| Aveva | Plant Scada | < 2020 |
| Aveva | Recipe Management | < 2020 |
| Aveva | System Platform | < 2020 |
| Aveva | Telemetry Server | 2020r2 |
| Aveva | Work Tasks | < 2020 |
Related Weaknesses (CWE)
References
- https://www.aveva.com/en/support-and-success/cyber-security-updates/Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01Third Party AdvisoryUS Government Resource
- https://www.aveva.com/en/support-and-success/cyber-security-updates/Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-33873?
CVE-2023-33873 is a vulnerability with a CVSS score of 7.8 (HIGH). This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are insta...
How severe is CVE-2023-33873?
CVE-2023-33873 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33873?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Batch Management, Aveva Communication Drivers, Aveva Edge, Aveva Enterprise Licensing, Aveva Historian.