CVSS4
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: ACTIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
AI Score
Confidence: Low
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.
[
  {
    "cpes": [
      "cpe:2.3:a:aveva:pi_asset_framework_client:2023:*:*:*:*:*:*:*"
    ],
    "vendor": "aveva",
    "product": "pi_asset_framework_client",
    "versions": [
      {
        "status": "affected",
        "version": "2023"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:aveva:pi_asset_framework_client:*:*:*:*:*:*:*:*"
    ],
    "vendor": "aveva",
    "product": "pi_asset_framework_client",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2018"
      }
    ],
    "defaultStatus": "unaffected"
  }
]