The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAveva Plant Scada
APPAveva2020r22023Aveva Telemetry Server
APPAveva2020r2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
Related vulnerabilities
CVE-2023-33873HIGH7.8ten sam produkt
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...
CVE-2023-34982MEDIUM5.5ten sam produkt
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard pr...
CVE-2025-61943CRITICAL9.3PL ✓ten sam vendor
SQL Injection w Aveva Process Optimization umożliwiający RCE
CVE-2025-61937CRITICAL10.0PL ✓ten sam vendor
RCE z uprawnieniami systemowymi w Aveva Process Optimization
CVE-2025-64691CRITICAL9.3PL ✓ten sam vendor
Privilege escalation przez manipulację skryptami TCL w Aveva Process Optimization