All CISA Advisories, EN

AVEVA PI Integrator

2025-08-12 18:08

1. EXECUTIVE SUMMARY

CVSS v4 7.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AVEVA
Equipment: PI Integrator
Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following AVEVA products are affected:

PI Integrator for Business Analytics: Versions 2020 R2 SP1 and prior.

3.2 VULNERABILITY OVERVIEW

3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

CVE-2025-54460 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L).

A CVSS v4 score has also been calculated for CVE-2025-54460. A base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H).

3.2.2 INSERTION OF SENSITIVE INFORMATION INT

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

AVEVA PI Integrator

Tags: All CISA Advisories EN

Post navigation

← Santesoft Sante PACS Server

Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Russian government hackers said to be behind US federal court filing system hack: report August 12, 2025

IT Security News Hourly Summary 2025-08-12 21h : 17 posts August 12, 2025

Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities August 12, 2025

Malvertising campaign leads to PS1Bot, a multi-stage malware framework August 12, 2025

This Bluetooth tracker’s latest feature could save your life – but it costs extra August 12, 2025

Manpower franchise discloses data theft after RansomHub posts alleged stolen data August 12, 2025

Connex Credit Union Data Breach Affects 172,000 Members August 12, 2025

Is your iPhone alarm not going off? 6 potential fixes that worked for me August 12, 2025

Microsoft Teams RCE Vulnerability Let Attackers Read, Write and Delete Messages August 12, 2025

Electronic Arts Blocked 300,000 Attempts Following Battlefield 6 Beta Launch August 12, 2025

Microsoft Releases Windows 11 Cumulative Updates (KB5063878, KB5063875) August 2025 with New Features August 12, 2025

Query the legacy DNSBLs via Korea Telecom? Move to Spamhaus Technology’s free Data Query Service August 12, 2025

Microsoft August 2025 Patch Tuesday, (Tue, Aug 12th) August 12, 2025

Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure August 12, 2025

Is ChatGPT Plus really worth $20 when the free version offers so many premium features? August 12, 2025

The next big TV panel leap was just unveiled by Samsung – and it makes LED look outdated August 12, 2025

I’ve tested the Apple Watch, Oura Ring, and other sleep trackers – 5 tips to get the best results August 12, 2025

Claude can now save you more time by automatically referencing past chats August 12, 2025

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs August 12, 2025

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks August 12, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}