Improper Check or Handling of Exceptional Conditions in Aveva PI Server
CVE-2023-34348

7.5HIGH

Key Information:

Vendor: Aveva
Status: Pi Server
Vendor: CVE Published:; 18 January 2024

What is CVE-2023-34348?

The AVEVA PI Server is susceptible to a vulnerability that permits an unauthenticated user to exploit the system remotely, potentially leading to a crash of the PI Message Subsystem. This incident creates a denial-of-service scenario where legitimate users cannot access the service, severely disrupting operational capabilities. Stakeholders should prioritize system updates and monitor security advisories to mitigate risks associated with this vulnerability.

Affected Version(s)

PI Server 2023

PI Server 0 <= 2018 SP3 P05

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...

government-resource

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2024
Vulnerability Reserved
Jul 12, 2023

Credit

Aveva