ICSA-23-073-04
·
Published 2023-03-29
·
View on CISA ICS-CERT ↗
AVEVA Plant SCADA and AVEVA Telemetry Server
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of this vulnerability could allow an unauthenticated user to read data, cause a denial of service, and tamper with alarm states.
CVEs (1)
Remediations
- AVEVA has released the following fixes for the following products:
- All affected versions in “mainstream support” can be fixed by upgrading to AVEVA Plant SCADA 2023 Update 1 or later.
- AVEVA Plant SCADA 2020R2 can alternatively be patched with AVEVA Plant SCADA 2020R2 Update 11 or later. For additional upgrade information, refer to the AVEVA Plant SCADA upgrade guide.
- All affected versions in “mainstream support” can be fixed by upgrading to AVEVA Telemetry Server 2020 R2 SP2 or later.
- For more information on this vulnerability, including security updates, users should see security bulletin AVEVA-2023-002
Affected Vendors
AVEVA
Affected Products (2)
AVEVA
·
AVEVA Plant SCADA 2023, AVEVA Plant SCADA 2020R2
<= 10
AVEVA
·
AVEVA Telemetry Server 2020 R2
<= SP1
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more