EUVD-2023-23525

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

AVEVA Plant SCADA and Telemetry Server are vulnerable to improper authorization allowing remote attacks

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the AVEVA Plant SCADA system and the AVEVA Telemetry Server, caused by deficiencies in authentication procedures, allows a intruder to trigger a service failure.	20 Apr 202300:00	–	bdu_fstec
Circl	CVE-2023-1256	16 Mar 202321:30	–	circl
CNNVD	AVEVA Plant SCADA Access Anywhere 授权问题漏洞	15 Mar 202300:00	–	cnnvd
CVE	CVE-2023-1256	16 Mar 202318:33	–	cve
Cvelist	CVE-2023-1256 CVE-2023-1256	16 Mar 202318:33	–	cvelist
ICS	AVEVA Plant SCADA and AVEVA Telemetry Server	29 Mar 202318:39	–	ics
NCSC	Vulnerabilities fixed in Aveva products	16 Mar 202300:00	–	ncsc
NVD	CVE-2023-1256	16 Mar 202319:15	–	nvd
OSV	CVE-2023-1256	16 Mar 202319:15	–	osv
Prion	Authorization	16 Mar 202319:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "8bcb5b81-6032-3bb3-aa60-76e8718c4732",
        "vendor": {
          "name": "AVEVA"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "21fcddb1-c6de-3d15-8126-b8a578169984",
        "product": {
          "name": "AVEVA Plant SCADA"
        },
        "product_version": "2023 Update 10"
      },
      {
        "id": "97ecc081-0f48-3bbe-a67d-34d7b460e1aa",
        "product": {
          "name": "AVEVA Telemetry Server"
        },
        "product_version": "2020 R2 SP1"
      },
      {
        "id": "ca7cb452-f537-36b8-b63d-2034abf7c8b1",
        "product": {
          "name": "AVEVA Plant SCADA"
        },
        "product_version": "2020R2 Update 10"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-073-04

03 Oct 2025 20:07Current

9.1High risk

Vulners AI Score9.1

CVSS 3.19.8

EPSS0.00333

SSVC