CVE-2023-6132
Published 2024-02-29
Priority P3 · 38 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.19% (9.2th percentile)
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge into loading an unsafe DLL.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aveva | aveva_edge | <= 2020 R2 SP2 | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services | — | — |
CISA ICS
AVEVA Edge products (formerly known as InduSoft Web Studio)
cisa_ics·2024-02-01·CVSS 7.3
[HIGH] AVEVA Edge products (formerly known as InduSoft Web Studio)
ICS Advisory
## AVEVA Edge products (formerly known as InduSoft Web Studio)
Release Date: February 01, 2024
Alert Code: ICSA-24-032-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.3
- ATTENTION: Low attack complexity
- Vendor: AVEVA
- Equipment: AVEVA Edge products (formerly known as InduSoft Web Studio)
- Vulnerability: Uncontrolled Search Path Element
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could result in an attacker achieving arbitrary code execution and privilege escalation by tricking AVEVA Edge into loading an unsafe DLL.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following AVEVA Edge products (formerly known as InduSoft Web Studio) are affected:
- AVEVA Edge: 2020 R2 SP2 and prior
## 3.2 Vulnerability Overview
3.
GHSA
GHSA-crqv-wqx6-5f5r
ghsa_unreviewed · 2024-02-29
CVE-2023-6132 [HIGH] CWE-427 GHSA-crqv-wqx6-5f5r
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge into loading an unsafe DLL.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.