Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.

Published

2024-06-12T21:15:50.617

Last Modified

2024-11-21T09:29:39.743

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	aveva	pi_asset_framework_client	2018	Yes
Application	aveva	pi_asset_framework_client	2023	Yes

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03 Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)