EUVD-2023-38023

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Privilege escalation vulnerability allows local users to gain System privilege on compromised machines.

Reporter	Title	Published	Views	Family All 8
CNNVD	AVEVA Operations Control Logger Security Vulnerability	15 Nov 202300:00	–	cnnvd
CVE	CVE-2023-33873	15 Nov 202316:22	–	cve
Cvelist	CVE-2023-33873 AVEVA Operations Control Logger Execution with Unnecessary Privileges	15 Nov 202316:22	–	cvelist
ICS	AVEVA Operations Control Logger	14 Nov 202307:00	–	ics
NVD	CVE-2023-33873	15 Nov 202317:15	–	nvd
Prion	Privilege escalation	15 Nov 202317:15	–	prion
Positive Technologies	PT-2023-24526 · Aveva · Application Server +14	15 Nov 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-33873 AVEVA Operations Control Logger Execution with Unnecessary Privileges	15 Nov 202316:22	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "b1501c0d-a650-351a-9539-f8fac299053f",
        "vendor": {
          "name": "AVEVA"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "06b1fa1c-377c-3210-875e-82d4ec4780b9",
        "product": {
          "name": "Batch Management"
        },
        "product_version": "0 ≤2020 SP1"
      },
      {
        "id": "071ae0fe-6875-3c23-91a2-708325f3ace7",
        "product": {
          "name": "Recipe Management"
        },
        "product_version": "0 ≤2020 R2 Update 1 Patch 2"
      },
      {
        "id": "102ec282-8c26-3262-a4b1-f1424bc87f9e",
        "product": {
          "name": "Plant SCADA (formerly known as Citect)"
        },
        "product_version": "0 ≤2020 R2 Update 15"
      },
      {
        "id": "555ab20f-d717-38c1-b10b-6f4aa5b97bed",
        "product": {
          "name": "Enterprise Licensing (formerly known as License Manager)"
        },
        "product_version": "0 ≤3.7.002"
      },
      {
        "id": "6cf91978-f72b-30a6-917b-8caeaa616583",
        "product": {
          "name": "SystemPlatform"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "754d4efd-31fb-3dc1-9ef2-ca017818481d",
        "product": {
          "name": "Worktasks (formerly known as Workflow Management)"
        },
        "product_version": "0 ≤2020 U2"
      },
      {
        "id": "946beaf9-978c-346f-afc7-5c28cb5e9d07",
        "product": {
          "name": "InTouch"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "94b350c9-91c9-3c37-9ac6-4c92dbeeedce",
        "product": {
          "name": "Telemetry Server"
        },
        "product_version": "0 ≤2020 R2 SP1"
      },
      {
        "id": "b498b77e-f9a0-344d-8890-f10623e1f042",
        "product": {
          "name": "Edge (formerly known as Indusoft Web Studio)"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "c3ccb838-b960-3450-a5b9-2f4f76ef0507",
        "product": {
          "name": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)"
        },
        "product_version": "0 ≤2020 R1"
      },
      {
        "id": "c91a56ca-6b2e-3a66-9491-ed98ee475cfb",
        "product": {
          "name": "Application Server"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "eefadf0c-a1c1-3aae-848d-90c6c254398e",
        "product": {
          "name": "Historian"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "f345d37e-c3e0-39a9-bc21-86f9e35bede0",
        "product": {
          "name": "Communication Drivers Pack"
        },
        "product_version": "0 ≤2020 R2 SP1"
      },
      {
        "id": "f6d883d1-587e-380c-a98b-e7e75906594b",
        "product": {
          "name": "Manufacturing Execution System (formerly known as Wonderware MES)"
        },
        "product_version": "0 ≤2020 P01"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
aveva	www.aveva.com/en/support-and-success/cyber-security-updates/

03 Oct 2025 20:07Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.8

EPSS0.00135

SSVC