(I)IoT Security News

VMware Releases Security Advisory for Aria Operations

Security Advisory: VMSA-2024-0001

1. Impacted Products

2. Introduction

A Missing Access Control vulnerability in Aria Automation has been privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Aria Automation Missing Access Control Vulnerability (CVE-2023-34063)

Description: Aria Automation contains a Missing Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.9.

Known Attack Vectors: An authenticated malicious actor may exploit this vulnerability, leading to unauthorized access to remote organizations and workflows.

Resolution: To remediate CVE-2023-34063, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: None.

Additional Documentation: A supplemental FAQ was created for additional clarification. Please see: FAQ

Notes: None.

Acknowledgements: VMware would like to thank Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Scientific Computing Platforms team for reporting this issue to us.

Response Matrix:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Aria Automation | 8.16 | Any | CVE-2023-34063 | N/A | N/A | Unaffected | N/A | FAQ |
| VMware Aria Automation | 8.14.x | Any | CVE-2023-34063 | 9.9 | Critical | 8.14.1 + Patch | N/A | FAQ |
| VMware Aria Automation | 8.13.x | Any | CVE-2023-34063 | 9.9 | Critical | 8.13.1 + Patch | N/A | FAQ |
| VMware Aria Automation | 8.12.x | Any | CVE-2023-34063 | 9.9 | Critical | 8.12.2 + Patch | N/A | FAQ |
| VMware Aria Automation | 8.11.x | Any | CVE-2023-34063 | 9.9 | Critical | 8.11.2 + Patch | N/A | FAQ |
| VMware Cloud Foundation (Aria Automation) | 5.x, 4.x | Any | CVE-2023-34063 | 9.9 | Critical | KB96136 | N/A | FAQ |

4. References

Fixed Version(s) and Release Notes:

Mitre CVE Dictionary Links:

FIRST CVSSv3 Calculator:

5. Change Log

2024-01-16 VMSA-2024-0001

Source:
https://www.vmware.com/security/advisories/VMSA-2024-0001.html
