Vulnerability in Aveva Reports For Operations 2023
CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service.
EPSS: 0.001 (3.9th percentile) — read the EPSS interpretation.
Affected products
- Aveva Reports For Operations 2023 — versions 23.0.17795.1010
- Ocean Data Systems Dream Report 2023 — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- ics-cert@hq.dhs.gov (government-resource)
Frequently asked questions
- What is CVE-2024-6619?
- CVE-2024-6619 is a vulnerability in Aveva Reports For Operations 2023, classified under Incorrect Permission Assignment for Critical Resource. Published 2024-08-13.
- Is CVE-2024-6619 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.