CVE-2023-33873

HIGH EPSS 14.5%
Published Nov 15, 20232y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Nov 15, 2023 2y ago
Last Modified Jun 17, 2026 1w ago

Description

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
14.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-250

Affected Products 40

VendorProductVersionRange
avevabatch_management* <2020
avevabatch_management2020any
avevabatch_management2020any
avevacommunication_drivers* <2020
avevacommunication_drivers2020any
avevacommunication_drivers2020any
avevacommunication_drivers2020any
avevaedge* ≤20.1.101
avevaenterprise_licensing* ≤3.7.002
avevahistorian* <2020
avevahistorian2020any
avevahistorian2020any
avevahistorian2020any
avevaintouch* <2020
avevaintouch2020any
avevaintouch2020any
avevaintouch2020any
avevamanufacturing_execution_system* <2020
avevamanufacturing_execution_system2020any
avevamanufacturing_execution_system2020any
avevamobile_operator* <2020
avevamobile_operator2020any
avevamobile_operator2020any
avevamobile_operator2020any
avevaplant_scada* <2020
avevaplant_scada2020any
avevaplant_scada2020any
avevarecipe_management* <2020
avevarecipe_management2020any
avevarecipe_management2020any
avevasystem_platform* <2020
avevasystem_platform2020any
avevasystem_platform2020any
avevasystem_platform2020any
avevatelemetry_server2020r2any
avevatelemetry_server2020r2any
avevawork_tasks* <2020
avevawork_tasks2020any
avevawork_tasks2020any
avevawork_tasks2020any

References 2

  • aveva.com https://www.aveva.com/en/support-and-success/cyber-security-updates/
    Vendor Advisory
  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
    Third Party AdvisoryUS Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.