CVE-2024-3468

AVEVA PI Web API - Code Injection

Title source: llm

Description

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02

Scores

EPSS 0.0052

EPSS Percentile 66.5%

Classification

CWE

CWE-502

Status draft

Timeline

Published Jun 12, 2024

Tracked Since Feb 18, 2026