CVE-2023-1256

Summary

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.

Affected Software

VendorProductVersion RangeStatus
AVEVAAVEVA Plant SCADA2023 Update 10affected
AVEVAAVEVA Plant SCADA2020R2 Update 10affected
AVEVAAVEVA Telemetry Server2020 R2 SP1affected

Weaknesses

  • CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References