CVE-2024-3467

Опубликовано: 12 июн. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:aveva:pi_asset_framework_client:2018:sp3_patch_4:*:*:*:*:*:*

cpe:2.3:a:aveva:pi_asset_framework_client:2023:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

7.8 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-g5fx-mv2q-2jpr

CVSS3: 7.8

github

больше 1 года назад

BDU:2024-04700

CVSS3: 7.3

fstec