cve/2023/CVE-2023-34982.md

### [CVE-2023-34982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34982)
![](https://img.shields.io/static/v1?label=Product&message=Application%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Batch%20Management&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Communication%20Drivers%20Pack&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Edge%20(formerly%20known%20as%20Indusoft%20Web%20Studio)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Licensing%20(formerly%20known%20as%20License%20Manager)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Historian&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=InTouch&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Manufacturing%20Execution%20System%20(formerly%20known%20as%20Wonderware%20MES)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Mobile%20Operator%20(formerly%20known%20as%20IntelaTrac%20Mobile%20Operator%20Rounds)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Plant%20SCADA%20(formerly%20known%20as%20Citect)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Recipe%20Management&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SystemPlatform&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Telemetry%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Worktasks%20(formerly%20known%20as%20Workflow%20Management)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20P01%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20SP1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20SP1%20P01%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20Update%201%20Patch%202%20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20R2%20Update%2015%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20SP1%20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202020%20U2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.7.002%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20External%20Control%20of%20File%20Name%20or%20Path%20&color=brighgreen)

### Description

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.

### POC

#### Reference
- https://www.aveva.com/en/support-and-success/cyber-security-updates/

#### Github
No PoCs found on GitHub currently.