CVE-2023-6132

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6132
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.aveva.com/en/support-and-success/cyber-security-updates/ Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 Third Party Advisory US Government Resource
https://www.aveva.com/en/support-and-success/cyber-security-updates/ Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*
OR cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*
cpe:2.3:a:aveva:enterprise_data_management:2021:*:*:*:*:*:*:*
cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*
cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*
cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*
History

17 Jun 2026, 06:50

Type Values Removed Values Added
First Time Aveva work Tasks
Aveva enterprise Data Management
Aveva batch Management
Aveva
Aveva manufacturing Execution System
Aveva mobile Operator
Aveva platform Common Services
Aveva system Platform
CPE cpe:2.3:a:aveva:enterprise_data_management:2021:*:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*
cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*
cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*
cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*
cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*
References () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 - Third Party Advisory, US Government Resource

21 Nov 2024, 08:43

Type Values Removed Values Added
References () https://www.aveva.com/en/support-and-success/cyber-security-updates/ - () https://www.aveva.com/en/support-and-success/cyber-security-updates/ -
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 -

29 Feb 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-29 18:15

Updated : 2026-06-17 06:50

NVD link : CVE-2023-6132

Mitre link : CVE-2023-6132

CVE.ORG link : CVE-2023-6132

JSON object : View

Products Affected

aveva

  • mobile_operator
  • manufacturing_execution_system
  • platform_common_services
  • work_tasks
  • batch_management
  • enterprise_data_management
  • system_platform
CWE
CWE-427

Uncontrolled Search Path Element