CVE-2023-34982 MEDIUM

CVE-2023-34982: AVEVA Operations Control Logger External Control of File Name or Path

Vendor Aveva
Product SystemPlatform
Weakness CWE-73
Published November 15, 2023
Last update August 2, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.

Key dates

02Disclosure timeline

November 15, 2023 CVE published
August 2, 2024 Record updated