Vulnerability Database

309,084

Total vulnerabilities in the database

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.

Published: Mar 16, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-1256
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
aveva / telemetry_server	2020r2	2020r2.x
aveva / telemetry_server	2020r2-sp1	2020r2-sp1.x
aveva / aveva_plant_scada	2020r2	2020r2.x
aveva / aveva_plant_scada	2020r2-update_10	2020r2-update_10.x
aveva / aveva_plant_scada	2023	2023.x
aveva / aveva_plant_scada	2023-update_10	2023-update_10.x

https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo