CVE-2023-6132

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.aveva.com/en/support-and-success/cyber-security-updates/	Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03	Third Party Advisory US Government Resource
https://www.aveva.com/en/support-and-success/cyber-security-updates/	Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:aveva:platform_common_services:4.4.6:::::::*
	cpe:2.3:a:aveva:platform_common_services:4.5.0:::::::*
	cpe:2.3:a:aveva:platform_common_services:4.5.1:::::::*
	cpe:2.3:a:aveva:platform_common_services:4.5.2:::::::*

OR	cpe:2.3:a:aveva:batch_management:2020:::::::*
	cpe:2.3:a:aveva:enterprise_data_management:2021:::::::*
	cpe:2.3:a:aveva:manufacturing_execution_system:2020:::::::*
	cpe:2.3:a:aveva:mobile_operator:2020:-::::::
	cpe:2.3:a:aveva:system_platform:2020:-::::::
	cpe:2.3:a:aveva:system_platform:2020:r2::::::
	cpe:2.3:a:aveva:system_platform:2020:r2_p01::::::
	cpe:2.3:a:aveva:work_tasks:2020:-::::::
	cpe:2.3:a:aveva:work_tasks:2020:update_1::::::

History

No history.

Information

Published : 2024-02-29 18:15

Updated : 2025-03-04 12:38

NVD link : CVE-2023-6132

Mitre link : CVE-2023-6132

CVE.ORG link : CVE-2023-6132

JSON object : View

Products Affected

aveva

work_tasks
batch_management
manufacturing_execution_system
mobile_operator
system_platform
platform_common_services
enterprise_data_management

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2023-6132", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-29T18:15:16.283", "references": [{"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\n\n"}, {"lang": "es", "value": "La vulnerabilidad, si se explota, podr\u00eda permitir que una entidad maliciosa con acceso al sistema de archivos logre la ejecuci\u00f3n de c\u00f3digo arbitrario y una escalada de privilegios enga\u00f1ando a AVEVA Edge para que cargue una DLL insegura."}], "lastModified": "2025-03-04T12:38:47.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D5AA794-B71B-4DC2-8254-558DA9EAA18C"}, {"criteria": "cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA195955-5FCD-45B6-8A92-237841971054"}, {"criteria": "cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB04BBFF-711B-4131-9351-2D6368D51551"}, {"criteria": "cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE7D391D-D697-4517-BA2D-207CF0E59D1D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC211CF9-48DB-499F-8C47-8FA9FBC793F6"}, {"criteria": "cpe:2.3:a:aveva:enterprise_data_management:2021:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9E14A30-8B46-4C8F-8D3D-9B1825FCD1F8"}, {"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1288B3F5-2A5F-4516-96F8-FDB33A71060A"}, {"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B9AA5D22-126E-4E0B-AD44-8990B9218AA6"}, {"criteria": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D47F4B07-B67F-4855-AED2-D17B0E76FA8A"}, {"criteria": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1ED7E9C7-B882-4F57-B796-59A4F90EE185"}, {"criteria": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33D5FF9C-590D-4BA3-A265-35956E4F36DF"}, {"criteria": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78E65146-9CB1-423B-A565-48530C453382"}, {"criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64EF2703-3C49-468A-ADA9-E78173DF4F65"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}