Description
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
Metadata
- Primary Vendor
- AVEVA
- Published
- 3/16/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
aveva : aveva_plant_scadaaveva : aveva_plant_scadaaveva : aveva_plant_scadaaveva : aveva_plant_scadaaveva : telemetry_serveraveva : telemetry_server
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.