CVE-2023-6132 (GCVE-0-2023-6132)

Vulnerability from cvelistv5 – Published: 2024-02-29 17:40 – Updated: 2024-08-22 18:02
VLAI?
Title
AVEVA Edge products Uncontrolled Search Path Element
Summary
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
Severity ?
7.3 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Vendor Product Version
AVEVA AVEVA Edge Affected: 0 , ≤ 2020 R2 SP2 (custom)
Create a notification for this product.
Credits
Ting Chen of UESTC discovered and disclosed this vulnerability to AVEVA. ADLab of Venustech discovered and disclosed this vulnerability to AVEVA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aveva_edge",
            "vendor": "aveva",
            "versions": [
              {
                "lessThan": "2020_r2_sp2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-29T20:50:57.047063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T18:02:51.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AVEVA Edge",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2020 R2 SP2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ting Chen of UESTC discovered and disclosed this vulnerability to AVEVA. "
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ADLab of Venustech discovered and disclosed this vulnerability to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-29T17:40:05.162Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03"
        },
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eAVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=0c8abaf3-2e4c-4be1-aa78-3ad445c58a16\"\u003eAVEVA Edge 2023\u003c/a\u003e, \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=1e5d9950-d945-4bab-984b-245fe3f152ac\"\u003eAVEVA Edge 2020 R2 SP2 P01\u003c/a\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eNote: Log-in is required.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, please refer to AVEVA\u0027s security advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2024-002.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nAVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website:  AVEVA Edge 2023 https://softwaresupportsp.aveva.com/#/producthub/details ,  AVEVA Edge 2020 R2 SP2 P01 https://softwaresupportsp.aveva.com/#/producthub/details .\n\n  *  Note: Log-in is required.\n\n\nFor additional information, please refer to AVEVA\u0027s security advisory  AVEVA-2024-002. https://www.aveva.com/en/support-and-success/cyber-security-updates/ \n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Edge products  Uncontrolled Search Path Element",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-6132",
    "datePublished": "2024-02-29T17:40:05.162Z",
    "dateReserved": "2023-11-14T16:29:50.706Z",
    "dateUpdated": "2024-08-22T18:02:51.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad, si se explota, podr\\u00eda permitir que una entidad maliciosa con acceso al sistema de archivos logre la ejecuci\\u00f3n de c\\u00f3digo arbitrario y una escalada de privilegios enga\\u00f1ando a AVEVA Edge para que cargue una DLL insegura.\"}]",
      "id": "CVE-2023-6132",
      "lastModified": "2024-11-21T08:43:11.930",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.9}]}",
      "published": "2024-02-29T18:15:16.283",
      "references": "[{\"url\": \"https://www.aveva.com/en/support-and-success/cyber-security-updates/\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.aveva.com/en/support-and-success/cyber-security-updates/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6132\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-02-29T18:15:16.283\",\"lastModified\":\"2025-03-04T12:38:47.847\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\\n\\n\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad, si se explota, podr\u00eda permitir que una entidad maliciosa con acceso al sistema de archivos logre la ejecuci\u00f3n de c\u00f3digo arbitrario y una escalada de privilegios enga\u00f1ando a AVEVA Edge para que cargue una DLL insegura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D5AA794-B71B-4DC2-8254-558DA9EAA18C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA195955-5FCD-45B6-8A92-237841971054\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB04BBFF-711B-4131-9351-2D6368D51551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE7D391D-D697-4517-BA2D-207CF0E59D1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC211CF9-48DB-499F-8C47-8FA9FBC793F6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:enterprise_data_management:2021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9E14A30-8B46-4C8F-8D3D-9B1825FCD1F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1288B3F5-2A5F-4516-96F8-FDB33A71060A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9AA5D22-126E-4E0B-AD44-8990B9218AA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47F4B07-B67F-4855-AED2-D17B0E76FA8A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ED7E9C7-B882-4F57-B796-59A4F90EE185\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*\",\"matchCriteriaId\":\"33D5FF9C-590D-4BA3-A265-35956E4F36DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"78E65146-9CB1-423B-A565-48530C453382\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"64EF2703-3C49-468A-ADA9-E78173DF4F65\"}]}]}],\"references\":[{\"url\":\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.aveva.com/en/support-and-success/cyber-security-updates/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:21:17.249Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6132\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-29T20:50:57.047063Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:aveva:aveva_edge:*:*:*:*:*:*:*:*\"], \"vendor\": \"aveva\", \"product\": \"aveva_edge\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2020_r2_sp2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-22T18:02:48.720Z\"}}], \"cna\": {\"title\": \"AVEVA Edge products  Uncontrolled Search Path Element\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Ting Chen of UESTC discovered and disclosed this vulnerability to AVEVA. \"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"ADLab of Venustech discovered and disclosed this vulnerability to AVEVA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AVEVA\", \"product\": \"AVEVA Edge\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2020 R2 SP2\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\nAVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website:  AVEVA Edge 2023 https://softwaresupportsp.aveva.com/#/producthub/details ,  AVEVA Edge 2020 R2 SP2 P01 https://softwaresupportsp.aveva.com/#/producthub/details .\\n\\n  *  Note: Log-in is required.\\n\\n\\nFor additional information, please refer to AVEVA\u0027s security advisory  AVEVA-2024-002. https://www.aveva.com/en/support-and-success/cyber-security-updates/ \\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eAVEVA recommends users upgrade to AVEVA Edge 2023, or AVEVA Edge 2020 R2 SP2 P01 as soon as possible. Upgrades can be downloaded from the AVEVA official website: \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://softwaresupportsp.aveva.com/#/producthub/details?id=0c8abaf3-2e4c-4be1-aa78-3ad445c58a16\\\"\u003eAVEVA Edge 2023\u003c/a\u003e, \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://softwaresupportsp.aveva.com/#/producthub/details?id=1e5d9950-d945-4bab-984b-245fe3f152ac\\\"\u003eAVEVA Edge 2020 R2 SP2 P01\u003c/a\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eNote: Log-in is required.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, please refer to AVEVA\u0027s security advisory \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\\\"\u003eAVEVA-2024-002.\u003c/a\u003e\u003c/p\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03\"}, {\"url\": \"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427 Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-02-29T17:40:05.162Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-6132\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-22T18:02:51.796Z\", \"dateReserved\": \"2023-11-14T16:29:50.706Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-02-29T17:40:05.162Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.