HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-6132

CVSS 7.3v3.1pub. 2024-02-29upd. 2025-03-04

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Aveva Batch Management

    APP
    Aveva
    2020
  • Aveva Enterprise Data Management

    APP
    Aveva
    2021
  • Aveva Manufacturing Execution System

    APP
    Aveva
    2020
  • Aveva Mobile Operator

    APP
    Aveva
    2020
  • Aveva Platform Common Services

    APP
    Aveva
    4.4.64.5.04.5.14.5.2
  • Aveva System Platform

    APP
    Aveva
    2020
  • Aveva Work Tasks

    APP
    Aveva
    2020
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCELPE
CWE
References

Related vulnerabilities

CVE-2023-33873HIGH7.8ten sam produkt

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...

CVE-2021-38410HIGH7.3ten sam produkt

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to...

CVE-2022-0835HIGH8.1ten sam produkt

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or...

CVE-2021-33008HIGH8.8ten sam produkt

AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality ...

CVE-2021-33010HIGH7.5ten sam produkt

An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is n...