Arbitrary Code Execution and Privilege Escalation Vulnerability in AVEVA Edge
CVE-2023-6132

7.8HIGH

Key Information:

Vendor: Aveva
Status: Aveva Edge
Vendor: CVE Published:; 29 February 2024

What is CVE-2023-6132?

The vulnerability in AVEVA Edge allows a malicious actor with file system access to execute arbitrary code and escalate privileges. By exploiting this vulnerability, an attacker may manipulate the software to load a manipulated Dynamic Link Library (DLL), resulting in unauthorized control over affected systems. This situation underscores the importance of ensuring regular updates and vigilant monitoring of file system integrity to safeguard against potential exploitation.

Affected Version(s)

AVEVA Edge 0 <= 2020 R2 SP2

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...

https://www.aveva.com/en/support-and-success/cyber-securi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Nov 14, 2023

Credit

Ting Chen of UESTC discovered and disclosed this vulnerability to AVEVA.

ADLab of Venustech discovered and disclosed this vulnerability to AVEVA.

Aveva

What is CVE-2023-6132?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit