Social Engineering Vulnerability in AVEVA PI Web API Could Allow Malicious Code Execution
CVE-2024-3468

Currently unrated

Key Information:

Vendor

Aveva

Status
Pi Web Api
Vendor
CVE Published:
12 June 2024

What is CVE-2024-3468?

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PI Web API 0 <= 2023

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...
government-resource

Timeline

  • Vulnerability published

Credit

AVEVA reported this vulnerability to CISA.
JSON
.