CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.

Published: Mar 16, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-1256
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
aveva / telemetry_server	2020r2	2020r2.x
aveva / telemetry_server	2020r2-sp1	2020r2-sp1.x
aveva / aveva_plant_scada	2020r2	2020r2.x
aveva / aveva_plant_scada	2020r2-update_10	2020r2-update_10.x
aveva / aveva_plant_scada	2023	2023.x
aveva / aveva_plant_scada	2023-update_10	2023-update_10.x

https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04

Vulnerability Database

289,599

CVE-2023-1256