ICSA-23-318-01  ·  Published 2023-11-14

AVEVA Operations Control Logger

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow privilege escalation or denial of service.

Remediations

  • AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.
  • In addition to applying security updates, users should follow these general precautions:
      • Ensure that Guest or Anonymous local OS accounts are disabled.
      • Ensure that only trusted users are able to log in on the nodes where the Operations Control Logger is running.
  • Please see AVEVA Security Bulletin number AVEVA-2023-003 for more information and for links for individual security updates and mitigations for each of the affected products.
  • AVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736.

Affected Vendors

AVEVA

Affected Products (14)

AVEVA · AVEVA SystemPlatform <=2020_R2_SP1_P01
AVEVA · AVEVA Historian <=2020_R2_SP1_P01
AVEVA · AVEVA Application Server <=2020_R2_SP1_P01
AVEVA · AVEVA InTouch <=2020_R2_SP1_P01
AVEVA · AVEVA Enterprise Licensing (formerly known as License Manager) <=3.7.002
AVEVA · AVEVA Manufacturing Execution System (formerly known as Wonderware MES) <=2020_P01
AVEVA · AVEVA Recipe Management <=2020_R2_Update_1_Patch_2
AVEVA · AVEVA Batch Management <=2020_SP1
AVEVA · AVEVA Edge (formerly known as Indusoft Web Studio) <=2020_R2_SP1_P01
AVEVA · AVEVA Worktasks (formerly known as Workflow Management) <=2020_U2
AVEVA · AVEVA Plant SCADA (formerly known as Citect) <=2020_R2_Update_15
AVEVA · AVEVA Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds) <=2020_R1
AVEVA · AVEVA Communication Drivers Pack <=2020_R2_SP1
AVEVA · AVEVA Telemetry Server <=2020_R2_SP1

Affected Sectors

Critical Manufacturing
