Source: cvelist (icscert), CVELIST:CVE-2024-3467
History: Jun 12, 2024 - 9:04 p.m.

CVE-2024-3467 Deserialization of Untrusted Data in AVEVA PI Asset Framework Client

Published: 2024-06-12 21:04:26
Weakness: CWE-502
Reporter: icscert
Reference: www.cve.org
Tags: cve-2024-3467, aveva, pi asset framework, deserialization, untrusted data, code execution, interactive user, xml, attack

CVSS 4.0 score: 7 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: ACTIVE
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS: 0.0004 Low (percentile 9.1%)

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute in the PI System Explorer environment under the privileges of an interactive user who was socially engineered into importing XML supplied by an attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PI Asset Framework Client",
    "vendor": "AVEVA",
    "versions": [
      {
        "status": "affected",
        "version": "2023"
      },
      {
        "lessThanOrEqual": "2018 SP3 P04",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

