PT-2024-1192 · Aveva · Aveva Pi Server

Aveva · Published 2024-01-18 · Updated 2024-10-21 · CVE-2023-34348

CVSS v2.0

7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior

Description

The issue is related to the incorrect handling of exceptional states in the AVEVA PI Server component, which is responsible for storing, normalizing, and analyzing data and sending notifications in real time. This could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.

Recommendations

For AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior, consider applying a patch or fix to resolve the issue. However, at the moment there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the PI Message Subsystem to minimize the risk of exploitation.

Weakness Enumeration

Improper Handling of Exceptional Conditions
Improper Check for Exceptional Conditions

Related Identifiers

BDU:2024-00519
CVE-2023-34348

Affected Products

Aveva Pi Server