Vulnerability-Lookup

ICSA-24-163-03

Vulnerability from csaf_cisa - Published: 2024-06-11 06:00 - Updated: 2024-06-11 06:00

Summary

AVEVA PI Asset Framework Client

Notes

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of this vulnerability could allow malicious code execution.

Critical infrastructure sectors: Critical Manufacturing

Countries/areas deployed: Worldwide

Company headquarters location: United Kingdom

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices: Do not click web links or open attachments in unsolicited email messages.

Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

CVE-2024-3467

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Mitigation AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:

Mitigation (Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:From OSI Soft Customer Portal, search for "Asset Framework" and select "PI Asset Framework (AF) Client 2023 Patch 1" or later. https://my.osisoft.com/

Mitigation (Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:From OSI Soft Customer Portal, search for "Asset Framework" and select either "PI Asset Framework (AF) Client 2018 SP3 Patch 5" or later. https://my.osisoft.com/

Mitigation AVEVA further recommends users follow general defensive measures:

Mitigation Run PI System Explorer as a least privilege interactive account when possible.

Mitigation Establish procedures for verifying the source of XML is trusted before importing into PI System Explorer.

Mitigation For additional information please refer to AVEVA-2024-004 https://www.aveva.com/en/support-and-success/cybe…

References

URL

Category

	https://raw.githubusercontent.com/cisagov/CSAF/de…	self
	https://www.cisa.gov/news-events/ics-advisories/i…	self
	https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
	https://www.cisa.gov/resources-tools/resources/ic…	external
	https://www.cisa.gov/sites/default/files/publicat…	external
	https://www.cisa.gov/topics/industrial-control-systems	external
	https://www.cisa.gov/uscert/sites/default/files/p…	external
	https://www.cisa.gov/uscert/ncas/tips/ST04-014	external
	https://us-cert.cisa.gov/sites/default/files/reco…	external
	https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
	http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
	https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
	https://www.first.org/cvss/calculator/v4-0#CVSS:4…	external

Acknowledgments

AVEVA

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "AVEVA",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow malicious code execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United Kingdom",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-163-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-163-03.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-163-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "AVEVA PI Asset Framework Client",
    "tracking": {
      "current_release_date": "2024-06-11T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-163-03",
      "initial_release_date": "2024-06-11T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-06-11T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2023",
                "product": {
                  "name": "AVEVA PI Asset Framework Client: 2023",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "PI Asset Framework Client"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=2018_SP3_P04",
                "product": {
                  "name": "AVEVA PI Asset Framework Client: \u003c=2018_SP3_P04",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "PI Asset Framework Client"
          }
        ],
        "category": "vendor",
        "name": "AVEVA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3467",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3467"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "(Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:From OSI Soft Customer Portal, search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://my.osisoft.com/"
        },
        {
          "category": "mitigation",
          "details": "(Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:From OSI Soft Customer Portal, search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://my.osisoft.com/"
        },
        {
          "category": "mitigation",
          "details": "AVEVA further recommends users follow general defensive measures:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Run PI System Explorer as a least privilege interactive account when possible.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Establish procedures for verifying the source of XML is trusted before importing into PI System Explorer.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "For additional information please refer to AVEVA-2024-004",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

CVE-2024-3467 (GCVE-0-2024-3467)

Vulnerability from cvelistv5 – Published: 2024-06-12 21:04 – Updated: 2024-08-01 20:12

Title

Deserialization of Untrusted Data in AVEVA PI Asset Framework Client

Summary

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.

Severity ?

7 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/news-events/ics-advisories/i…

government-resource

Impacted products

	Vendor	Product	Version
	AVEVA	PI Asset Framework Client	Affected: 2023 Affected: 0 , ≤ 2018 SP3 P04 (custom)

Credits

AVEVA reported this vulnerability to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:aveva:pi_asset_framework_client:2023:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "pi_asset_framework_client",
            "vendor": "aveva",
            "versions": [
              {
                "status": "affected",
                "version": "2023"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:aveva:pi_asset_framework_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "pi_asset_framework_client",
            "vendor": "aveva",
            "versions": [
              {
                "lessThanOrEqual": "2018",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3467",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-03T18:12:24.328615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T18:32:56.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:07.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PI Asset Framework Client",
          "vendor": "AVEVA",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            },
            {
              "lessThanOrEqual": "2018 SP3 P04",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "AVEVA reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.\u003c/span\u003e"
            }
          ],
          "value": "There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T21:04:26.635Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\u003c/p\u003e\u003cul\u003e\u003cli\u003e(Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:\u003cbr\u003eFrom \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.\u003c/li\u003e\u003cli\u003e(Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:\u003cbr\u003eFrom \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\"\u003eOSI Soft Customer Portal\u003c/a\u003e, search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAVEVA further recommends users follow general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eRun PI System Explorer as a least privilege interactive account when possible.\u003c/li\u003e\u003cli\u003eEstablish procedures for verifying the source of XML is trusted before importing into PI System Explorer.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2024-004\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\n\n  *  (Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:\nFrom  OSI Soft Customer Portal https://my.osisoft.com/ , search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.\n  *  (Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:\nFrom  OSI Soft Customer Portal https://my.osisoft.com/ , search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.\n\n\nAVEVA further recommends users follow general defensive measures:\n\n  *  Run PI System Explorer as a least privilege interactive account when possible.\n  *  Establish procedures for verifying the source of XML is trusted before importing into PI System Explorer.\n\n\nFor additional information please refer to  AVEVA-2024-004 https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Deserialization of Untrusted Data in AVEVA PI Asset Framework Client",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-3467",
    "datePublished": "2024-06-12T21:04:26.635Z",
    "dateReserved": "2024-04-08T15:55:44.665Z",
    "dateUpdated": "2024-08-01T20:12:07.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

ICSA-24-163-03

CVE-2024-3467 (GCVE-0-2024-3467)

Tags

Sightings

Nomenclature