AVEVA PI Data Archive
Summary
A vulnerability exists in multiple versions of AVEVA PI Data Archive that could allow an unauthenticated attacker to remotely crash core PI services, leading to a denial-of-service condition. The affected versions include PI Data Archive PI Server <=2018_SP3_Patch_7, 2023, 2023_Patch_1, and 2024. The vulnerability has a CVSS v3 score of 7.5.
IFF Assessment
A remotely exploitable vulnerability leading to denial of service is bad news for defenders.
Severity
Defender Context
This vulnerability affects a widely deployed industrial control system (ICS) data archiving solution, making critical manufacturing particularly vulnerable. Defenders should prioritize patching or upgrading to PI Server 2024 R2 or later. Unpatched systems are easily exploitable and could lead to significant operational disruptions.