Attacker Value
Unknown
0
CVE-2023-33873
0
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-33873
(Last updated December 09, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
MITRE ATT&CK
Select the MITRE ATT&CK Tactics that apply to this CVE
Collection
Select any Techniques used:
Command and Control
Select any Techniques used:
Credential Access
Select any Techniques used:
Defense Evasion
Select any Techniques used:
Discovery
Select any Techniques used:
Execution
Select any Techniques used:
Exfiltration
Select any Techniques used:
Impact
Select any Techniques used:
Initial Access
Select any Techniques used:
Lateral Movement
Select any Techniques used:
Persistence
Select any Techniques used:
Privilege Escalation
Select any Techniques used:
Topic Tags
Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)
What makes this of high-value to an attacker?
What makes this of low-value to an attacker?
Description
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
SystemPlatform 2020 R2 SP1 P01
Historian 2020 R2 SP1 P01
Application Server 2020 R2 SP1 P01
InTouch 2020 R2 SP1 P01
Enterprise Licensing (formerly known as License Manager) 3.7.002
Manufacturing Execution System (formerly known as Wonderware MES) 2020 P01
Recipe Management 2020 R2 Update 1 Patch 2
Batch Management 2020 SP1
Edge (formerly known as Indusoft Web Studio) 2020 R2 SP1 P01
Worktasks (formerly known as Workflow Management) 2020 U2
Plant SCADA (formerly known as Citect) 2020 R2 Update 15
Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds) 2020 R1
Communication Drivers Pack 2020 R2 SP1
Telemetry Server 2020 R2 SP1
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Vendors
Products
- batch management,
- batch management 2020,
- communication drivers,
- communication drivers 2020,
- edge,
- enterprise licensing,
- historian,
- historian 2020,
- intouch,
- intouch 2020,
- manufacturing execution system,
- manufacturing execution system 2020,
- mobile operator,
- mobile operator 2020,
- plant scada,
- plant scada 2020,
- recipe management,
- recipe management 2020,
- system platform,
- system platform 2020,
- telemetry server 2020r2,
- work tasks,
- work tasks 2020
References
Additional Info
Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Rapid7
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
