CVE-2023-34982
15.11.2023, 17:15
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.Enginsight
| Vendor | Product | Version |
|---|---|---|
| aveva | batch_management | 𝑥 < 2020 |
| aveva | communication_drivers | 𝑥 < 2020 |
| aveva | edge | 𝑥 ≤ 20.1.101 |
| aveva | enterprise_licensing | 𝑥 ≤ 3.7.002 |
| aveva | historian | 𝑥 < 2020 |
| aveva | intouch | 𝑥 < 2020 |
| aveva | manufacturing_execution_system | 𝑥 < 2020 |
| aveva | mobile_operator | 𝑥 < 2020 |
| aveva | plant_scada | 𝑥 < 2020 |
| aveva | recipe_management | 𝑥 < 2020 |
| aveva | system_platform | 𝑥 < 2020 |
| aveva | work_tasks | 𝑥 < 2020 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-73 - External Control of File Name or PathThe software allows user input to control or influence paths or file names that are used in filesystem operations.
- CWE-610 - Externally Controlled Reference to a Resource in Another SphereThe product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.