Description
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (23)
aveva/batch_management
2020 (2 CPE variants)
aveva/batch_management
< 2020
aveva/communication_drivers
2020 (3 CPE variants)
aveva/communication_drivers
< 2020
aveva/edge
< 20.1.101
aveva/enterprise_licensing
< 3.7.002
aveva/historian
2020 (3 CPE variants)
aveva/historian
< 2020
aveva/intouch
2020 (3 CPE variants)
aveva/intouch
< 2020
... and 13 more
Published
Nov 15, 2023
Tracked Since
Feb 18, 2026