EUVD-2023-39020

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

External control vulnerability allows file deletion by local users, causing denial of service.

Reporter	Title	Published	Views	Family All 8
CNNVD	AVEVA Operations Control Logger Security Vulnerability	15 Nov 202300:00	–	cnnvd
CVE	CVE-2023-34982	15 Nov 202316:28	–	cve
Cvelist	CVE-2023-34982 AVEVA Operations Control Logger External Control of File Name or Path	15 Nov 202316:28	–	cvelist
ICS	AVEVA Operations Control Logger	14 Nov 202307:00	–	ics
NVD	CVE-2023-34982	15 Nov 202317:15	–	nvd
OSV	CVE-2023-34982	15 Nov 202317:15	–	osv
Prion	Xxe	15 Nov 202317:15	–	prion
Positive Technologies	PT-2023-25082 · Aveva · Application Server +14	15 Nov 202300:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "2da3e904-8bf8-3a3f-8f7d-0c303468b7d1",
        "vendor": {
          "name": "AVEVA"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "01c0972b-815f-3e6b-8db7-9331ad0bb6de",
        "product": {
          "name": "SystemPlatform"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "22795625-c552-3825-8baa-bf891b81715d",
        "product": {
          "name": "Historian"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "2653d7f6-32ac-385d-885b-d4723b6e3a93",
        "product": {
          "name": "Plant SCADA (formerly known as Citect)"
        },
        "product_version": "0 ≤2020 R2 Update 15"
      },
      {
        "id": "286583c1-58ae-32c6-ae70-90a0bb543f23",
        "product": {
          "name": "Telemetry Server"
        },
        "product_version": "0 ≤2020 R2 SP1"
      },
      {
        "id": "41ed7312-8a8c-3ea9-8642-a2383c54b1fe",
        "product": {
          "name": "InTouch"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "4986bc07-7a55-3425-9079-04291a99d92d",
        "product": {
          "name": "Edge (formerly known as Indusoft Web Studio)"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "5f5e5aa8-8fc4-39e7-a75e-06ebabc38fa4",
        "product": {
          "name": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)"
        },
        "product_version": "0 ≤2020 R1"
      },
      {
        "id": "619e3dde-ef17-36e4-8437-1e22a6e25046",
        "product": {
          "name": "Recipe Management"
        },
        "product_version": "0 ≤2020 R2 Update 1 Patch 2"
      },
      {
        "id": "6298a2cd-5c04-30bd-9910-6ccf92a88bef",
        "product": {
          "name": "Enterprise Licensing (formerly known as License Manager)"
        },
        "product_version": "0 ≤3.7.002"
      },
      {
        "id": "7463c1cd-1209-31cc-99de-1a3ed2c38188",
        "product": {
          "name": "Communication Drivers Pack"
        },
        "product_version": "0 ≤2020 R2 SP1"
      },
      {
        "id": "92b37d0a-87b3-35fd-908b-c35326f643df",
        "product": {
          "name": "Manufacturing Execution System (formerly known as Wonderware MES)"
        },
        "product_version": "0 ≤2020 P01"
      },
      {
        "id": "a0170ef2-8a88-302c-8dc6-16b9e5e422d0",
        "product": {
          "name": "Batch Management"
        },
        "product_version": "0 ≤2020 SP1"
      },
      {
        "id": "cc63ed3e-a3a6-3f58-81ee-b4a3cc4e17c6",
        "product": {
          "name": "Application Server"
        },
        "product_version": "0 ≤2020 R2 SP1 P01"
      },
      {
        "id": "f8adf4cd-95e6-391e-926f-7e878d14574a",
        "product": {
          "name": "Worktasks (formerly known as Workflow Management)"
        },
        "product_version": "0 ≤2020 U2"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
aveva	www.aveva.com/en/support-and-success/cyber-security-updates/

03 Oct 2025 20:07Current

7High risk

Vulners AI Score7

CVSS 3.15.5 - 7.1

EPSS0.00089