Social Engineering Vulnerability in AVEVA PI Web API Could Allow Malicious Code Execution
CVE-2024-3468

Currently unrated

Key Information:

Vendor: Aveva
Status: Pi Web Api
Vendor: CVE Published:; 12 June 2024

What is CVE-2024-3468?

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

Affected Version(s)

PI Web API 0 <= 2023

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

government-resource

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2024

Credit

AVEVA reported this vulnerability to CISA.

Aveva

What is CVE-2024-3468?

Affected Version(s)

References

Timeline

Credit