PT-2024-4214 · Aveva · Aveva Pi Asset Framework Client

Published: 2024-06-11 · Updated: 2024-10-03 · CVE-2024-3467

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AVEVA PI Asset Framework Client (affected versions not specified)

Description

The issue allows malicious code to execute in the PI System Explorer environment with the privileges of an interactive user. This can happen when an attacker socially engineers a user into importing specially crafted XML data. The vulnerability is related to the restoration of untrusted data in memory (deserialization), which can be exploited to execute arbitrary code using specially crafted data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2024-04700
CVE-2024-3467

Affected Products

Aveva Pi Asset Framework Client