CVE-2023-34982 AVEVA Operations Control Logger External Control of File Name or Path

🗓️ 15 Nov 2023 16:28:35Reported by icscertType

AVEVA Operations Control Logger File Path Control Vulnerability

Reporter	Title	Published	Views	Family All 8
CNNVD	AVEVA Operations Control Logger Security Vulnerability	15 Nov 202300:00	–	cnnvd
CVE	CVE-2023-34982	15 Nov 202316:28	–	cve
EUVD	EUVD-2023-39020	3 Oct 202520:07	–	euvd
ICS	AVEVA Operations Control Logger	14 Nov 202307:00	–	ics
NVD	CVE-2023-34982	15 Nov 202317:15	–	nvd
OSV	CVE-2023-34982	15 Nov 202317:15	–	osv
Prion	Xxe	15 Nov 202317:15	–	prion
Positive Technologies	PT-2023-25082 · Aveva · Application Server +14	15 Nov 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "SystemPlatform",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Historian",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Application Server",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "InTouch",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise Licensing (formerly known as License Manager)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "3.7.002",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Manufacturing Execution System (formerly known as Wonderware MES)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Recipe Management",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Batch Management",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 SP1 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Edge (formerly known as Indusoft Web Studio)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1 P01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Worktasks (formerly known as Workflow Management)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 U2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Plant SCADA (formerly known as Citect)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 Update 15",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Communication Drivers Pack",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Telemetry Server",
    "vendor": "AVEVA ",
    "versions": [
      {
        "lessThanOrEqual": "2020 R2 SP1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
aveva	www.aveva.com/en/support-and-success/cyber-security-updates/
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-318-01

15 Nov 2023 16:28Current

7.1High risk

Vulners AI Score7.1

CVSS 3.15.5

EPSS0.00089

CWE-73