History: Jun 12, 2024 - 9:04 p.m.

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

2024-06-12 21:04:28
CWE-502
icscert
www.cve.org

CVSS4: 8.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: ACTIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:L/SA:N

EPSS: 0.0004 Low
Percentile: 9.1%

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PI Web API",
    "vendor": "AVEVA",
    "versions": [
      {
        "lessThanOrEqual": "2023",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
