PT-2023-2372 · Aveva · Aveva Plant Scada+1
Published
2023-03-14
·
Updated
2023-03-22
·
CVE-2023-1256
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
AVEVA Plant SCADA (affected versions not specified)
AVEVA Telemetry Server (affected versions not specified)
Description
The issue is related to an improper authorization exploit. This could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states. The vulnerability is caused by weaknesses in the authorization procedure, which can be exploited by a remote, unauthenticated attacker to cause a denial of service.
Recommendations
For AVEVA Plant SCADA, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For AVEVA Telemetry Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aveva Plant Scada
Aveva Telemetry Server