AVEVA Edge products (formerly known as InduSoft Web Studio)

🗓️ 01 Feb 2024 07:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 28 Views

CVE-2023-6132 in AVEVA Edge may lead to code execution and privilege escalation by loading unsafe DLL. Mitigate by upgrading to AVEVA Edge 2023 or AVEVA Edge 2020 R2 SP2 P0

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-6132	24 Feb 202410:41	–	circl
CNNVD	AVEVA Edge Code Issue Vulnerability	2 Feb 202400:00	–	cnnvd
CVE	CVE-2023-6132	29 Feb 202417:40	–	cve
Cvelist	CVE-2023-6132 AVEVA Edge products Uncontrolled Search Path Element	29 Feb 202417:40	–	cvelist
EUVD	EUVD-2023-58387	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6132	29 Feb 202418:15	–	nvd
Prion	Privilege escalation	29 Feb 202418:15	–	prion
Positive Technologies	PT-2024-1469 · Aveva · Aveva Edge	31 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-6132	23 May 202504:58	–	redhatcve
Vulnrichment	CVE-2023-6132 AVEVA Edge products Uncontrolled Search Path Element	29 Feb 202417:40	–	vulnrichment

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-032-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-032-03
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

01 Feb 2024 07:00Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.3 - 7.8

EPSS0.00039

SSVC