CVE-2024-3468

Name of the Vulnerable Software and Affected Versions AVEVA PI Web API (affected versions not specified)

Description The issue is related to the execution of malicious code on the PI Web API environment under the privileges of an interactive user. This can occur when an attacker supplies content for the API XML import functionality, potentially through social engineering. The vulnerability may also involve the restoration of untrusted data in memory, allowing a remote attacker to execute arbitrary code using specially crafted data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.