CVE-2023-31274

2024-01-1818:15:08

CWE-772

[email protected]

web.nvd.nist.gov

cve-2023-31274

aveva pi server

memory consumption

throttled processing

denial-of-service

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.

Affected configurations

Nvd

Node

avevapi_serverRange<2018

avevapi_serverMatch2018-

avevapi_serverMatch2018sp3_patch_5

avevapi_serverMatch2023-

VendorProductVersionCPE
avevapi_server*cpe:2.3:a:aveva:pi_server:*:*:*:*:*:*:*:*
avevapi_server2018cpe:2.3:a:aveva:pi_server:2018:-:*:*:*:*:*:*
avevapi_server2018cpe:2.3:a:aveva:pi_server:2018:sp3_patch_5:*:*:*:*:*:*
avevapi_server2023cpe:2.3:a:aveva:pi_server:2023:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
aveva	pi_server	*	cpe:2.3:a:aveva:pi_server::::::::
aveva	pi_server	2018	cpe:2.3:a:aveva:pi_server:2018:-::::::
aveva	pi_server	2018	cpe:2.3:a:aveva:pi_server:2018:sp3_patch_5::::::
aveva	pi_server	2023	cpe:2.3:a:aveva:pi_server:2023:-::::::