7.8
CVE-2023-33873
- EPSS 0.14%
- Veröffentlicht 15.11.2023 17:15:41
- Zuletzt bearbeitet 21.11.2024 08:06:06
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aveva ≫ Batch Management Version < 2020
Aveva ≫ Batch Management Version2020 Update-
Aveva ≫ Batch Management Version2020 Updatesp1
Aveva ≫ Communication Drivers Version < 2020
Aveva ≫ Communication Drivers Version2020 Update-
Aveva ≫ Communication Drivers Version2020 Updater2
Aveva ≫ Communication Drivers Version2020 Updater2_p01
Aveva ≫ Enterprise Licensing Version <= 3.7.002
Aveva ≫ Manufacturing Execution System Version < 2020
Aveva ≫ Manufacturing Execution System Version2020
Aveva ≫ Manufacturing Execution System Version2020 Updatep01
Aveva ≫ Mobile Operator Version < 2020
Aveva ≫ Mobile Operator Version2020
Aveva ≫ Mobile Operator Version2020 Update-
Aveva ≫ Mobile Operator Version2020 Updater1
Aveva ≫ Plant Scada Version < 2020
Aveva ≫ Plant Scada Version2020 Update-
Aveva ≫ Plant Scada Version2020 Updater2
Aveva ≫ Recipe Management Version < 2020
Aveva ≫ Recipe Management Version2020 Update-
Aveva ≫ Recipe Management Version2020 Updateupdate_1_patch_2
Aveva ≫ System Platform Version < 2020
Aveva ≫ System Platform Version2020 Update-
Aveva ≫ System Platform Version2020 Updater2
Aveva ≫ System Platform Version2020 Updater2_p01
Aveva ≫ Telemetry Server Version2020r2 Update-
Aveva ≫ Telemetry Server Version2020r2 Updatesp1
Aveva ≫ Work Tasks Version < 2020
Aveva ≫ Work Tasks Version2020 Update-
Aveva ≫ Work Tasks Version2020 Updateupdate_1
Aveva ≫ Work Tasks Version2020 Updateupdate_2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.