2023

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

aveva

CWE-755

NVD

Published: 2024-01-18

Updated: 2024-01-26

Summary

AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.

Vulnerable Configurations

Part	Description	Count
Application	Aveva Aveva PI Server 2018 Aveva PI Server 2023 Aveva PI Server *	4

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01