History: Jun 12, 2024 - 9:15 p.m.

CVE-2024-3468

2024-06-12 21:15:50
CWE-502
icscert
web.nvd.nist.gov
29
cve-2024-3468
aveva pi web api
code execution
xml import
interactive user
attacker
privilege escalation

CVSS4: 8.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: ACTIVE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:L/SA:N

AI Score: 7.3
Confidence: High

EPSS: 0
Percentile: 9.0%

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PI Web API",
    "vendor": "AVEVA",
    "versions": [
      {
        "lessThanOrEqual": "2023",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
