CVE-2025-36539 | THREATINT

Description

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service.

PUBLISHED Reserved 2025-04-21 | Published 2025-06-12 | Updated 2025-06-12 | Assigner icscert

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

Product status

Default status

unaffected

2023 (custom)

affected

Default status

unaffected

2023 Patch 1

affected

Default status

unaffected

2023 (custom)

affected

Default status

unaffected

2023 Patch 1 (custom)

affected

Credits

AVEVA reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-162-07

www.aveva.com/en/support-and-success/cyber-security-updates/

cve.org (CVE-2025-36539)

nvd.nist.gov (CVE-2025-36539)

Download JSON

help @ threatint.eu