The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAveva Plant Scada
APPAveva2020r22023Aveva Telemetry Server
APPAveva2020r2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
Powiązane podatności
CVE-2023-33873HIGH7.8ten sam produkt
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...
CVE-2023-34982MEDIUM5.5ten sam produkt
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard pr...
CVE-2025-61943CRITICAL9.3PL ✓ten sam vendor
SQL Injection w Aveva Process Optimization umożliwiający RCE
CVE-2025-61937CRITICAL10.0PL ✓ten sam vendor
RCE z uprawnieniami systemowymi w Aveva Process Optimization
CVE-2025-64691CRITICAL9.3PL ✓ten sam vendor
Privilege escalation przez manipulację skryptami TCL w Aveva Process Optimization