CVE-2023-33873 HIGH

CVE-2023-33873: AVEVA Operations Control Logger Execution with Unnecessary Privileges

Vendor Aveva
Product SystemPlatform
Weakness CWE-250
Published November 15, 2023
Last update November 21, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Key dates

02Disclosure timeline

November 15, 2023 CVE published
November 21, 2024 Record updated