CVSS4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
EPSS
Percentile
9.0%
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.
[
{
"defaultStatus": "unaffected",
"product": "PI Asset Framework Client",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023"
},
{
"lessThanOrEqual": "2018 SP3 P04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]