7 High
CVSS4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
7.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.
[
{
"defaultStatus": "unaffected",
"product": "PI Asset Framework Client",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2023"
},
{
"lessThanOrEqual": "2018 SP3 P04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]