PT-2024-12265 · Aveva · Aveva Pi Server

Aveva

Published

2024-01-18

Updated

2024-01-26

CVE-2023-31274

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior

Description The issue allows an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory, resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.

Recommendations For AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2023-31274

Affected Products

Aveva Pi Server

PT-2024-12265 · Aveva · Aveva Pi Server

CVE-2023-31274

Weakness Enumeration

Related Identifiers

Affected Products

References · 5