### [CVE-2023-33873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33873)
![](https://img.shields.io/static/v1?label=Product&message=Application%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Batch%20Management&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Communication%20Drivers%20Pack&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Edge%20(formerly%20known%20as%20Indusoft%20Web%20Studio)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Licensing%20(formerly%20known%20as%20License%20Manager)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Historian&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=InTouch&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Manufacturing%20Execution%20System%20(formerly%20known%20as%20Wonderware%20MES)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Mobile%20Operator%20(formerly%20known%20as%20IntelaTrac%20Mobile%20Operator%20Rounds)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Plant%20SCADA%20(formerly%20known%20as%20Citect)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Recipe%20Management&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SystemPlatform&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Telemetry%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Worktasks%20(formerly%20known%20as%20Workflow%20Management)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20P01%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20SP1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20SP1%20P01%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20Update%201%20Patch%202%20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20Update%2015%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20SP1%20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20U2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.7.002%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%20Execution%20with%20Unnecessary%20Privileges%20&color=brighgreen)
### Description
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
### POC
#### Reference
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
#### Github
No PoCs found on GitHub currently.