Aveva · Aveva Pi Server · CVE-2023-34348
**Name of the Vulnerable Software and Affected Versions**
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior
**Description**
The issue stems from incorrect handling of exceptional states in AVEVA PI Server, the component responsible for storing, normalizing, and analyzing data and for sending notifications about it in real time. This could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
**Recommendations**
For AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior, consider applying a patch or fix to resolve the issue. At the moment, however, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the PI Message Subsystem to minimize the risk of exploitation.