CRITICAL🇬🇧 English

CVE-2023-1256

CVSS 9.8v3.1pub. 2023-03-16upd. 2024-11-21

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aveva Plant Scada

    APP
    Aveva
    2020r22023
  • Aveva Telemetry Server

    APP
    Aveva
    2020r2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
Referencje

Powiązane podatności

CVE-2023-33873HIGH7.8ten sam produkt

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...

CVE-2023-34982MEDIUM5.5ten sam produkt

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard pr...

CVE-2025-61943CRITICAL9.3PL ✓ten sam vendor

SQL Injection w Aveva Process Optimization umożliwiający RCE

CVE-2025-61937CRITICAL10.0PL ✓ten sam vendor

RCE z uprawnieniami systemowymi w Aveva Process Optimization

CVE-2025-64691CRITICAL9.3PL ✓ten sam vendor

Privilege escalation przez manipulację skryptami TCL w Aveva Process Optimization