CVE-2023-33873 — Execution with Unnecessary Privileges in Manufacturing Execution System

CWE-250 — Execution with Unnecessary Privileges3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aveva Batch Management Aveva Communication Drivers Aveva Historian +14 more

Timeline

PublishedNov 15

Description

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages27 packages

▶NVDaveva/system_platform< 2020+1

▶NVDaveva/manufacturing_execution_system< 2020+1

▶CVEListV5aveva/systemplatform2020 R2 SP1 P01

▶CVEListV5aveva/manufacturing_execution_system2020 P01

▶NVDaveva/intouch< 2020+1

🔴Vulnerability Details

CVEList

AVEVA Operations Control Logger Execution with Unnecessary Privileges↗2023-11-15

▶

GHSA

GHSA-6v89-cgp3-2347: This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privil↗2023-11-15

▶