Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.

Published

2023-03-16T19:15:18.227

Last Modified

2024-11-21T07:38:46.503

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	aveva	aveva_plant_scada	2020r2	Yes
Application	aveva	aveva_plant_scada	2020r2	Yes
Application	aveva	aveva_plant_scada	2023	Yes
Application	aveva	aveva_plant_scada	2023	Yes
Application	aveva	telemetry_server	2020r2	Yes
Application	aveva	telemetry_server	2020r2	Yes

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04 Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)