CVE-2023-34982

Summary

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.

Affected Software

VendorProductVersion RangeStatus
AVEVASystemPlatform0 <= 2020 R2 SP1 P01affected
AVEVAHistorian0 <= 2020 R2 SP1 P01affected
AVEVAApplication Server0 <= 2020 R2 SP1 P01affected
AVEVAInTouch0 <= 2020 R2 SP1 P01affected
AVEVAEnterprise Licensing (formerly known as License Manager)0 <= 3.7.002affected
AVEVAManufacturing Execution System (formerly known as Wonderware MES)0 <= 2020 P01affected
AVEVARecipe Management0 <= 2020 R2 Update 1 Patch 2affected
AVEVABatch Management0 <= 2020 SP1affected
AVEVAEdge (formerly known as Indusoft Web Studio)0 <= 2020 R2 SP1 P01affected
AVEVAWorktasks (formerly known as Workflow Management)0 <= 2020 U2affected
AVEVAPlant SCADA (formerly known as Citect)0 <= 2020 R2 Update 15affected
AVEVAMobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)0 <= 2020 R1affected
AVEVACommunication Drivers Pack0 <= 2020 R2 SP1affected
AVEVATelemetry Server0 <= 2020 R2 SP1affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

ADP Enrichment

CVE Program Container

Additional References

References