Description
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. Depending on the timing of the crash, data present in snapshots/write cache may be lost.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected products
- AVEVA / PI Data Archive0 – 2018 SP3 Patch 4
- AVEVA / PI Data Archive2023 – 2023
- AVEVA / PI Data Archive2023 Patch 1 – 2023 Patch 1
- AVEVA / PI Server0 – 2018 SP3 Patch 6
- AVEVA / PI Server2023 – 2023
- AVEVA / PI Server2023 Patch 1 – 2023 Patch 1