Description
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
Published: 2026-02-10
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via core service crash
Action: Patch Now
AI Analysis

Impact

The vulnerability is caused by an uncaught exception in AVEVA PI Data Archive that an unauthenticated attacker can trigger to force a crash of core PI services, resulting in a denial-of-service condition. This flaw is identified by CWE‑248 and manifests as an unhandled error pathway that causes an abrupt termination of critical data archive processes. The impact is a loss of availability for the PI system, potentially disrupting data collection, storage, and real‑time monitoring in industrial control environments.

Affected Systems

The affected product is AVEVA PI Data Archive. All versions of PI Data Archive delivered by PI Server can be remediated by upgrading to PI Server 2024 R2 or later. For installations running PI Server 2018 SP3 Patch 7 or earlier, a fix is available by upgrading to PI Server 2018 SP3 Patch 8 or higher.

Risk and Exploitability

This flaw has a high-severity CVSS score of 8.7 and a low EPSS probability (< 1%), indicating that while exploitation is technically possible, it is not widespread at present; it is not listed in the CISA KEV catalog. The attack vector is remote and does not require authentication; an adversary would need to send a crafted request that triggers the uncaught exception, which then crashes the service. Because the vulnerability exists in a process exposed over the network (notably port 5450), an attacker can initiate the exploit without privileged access, making rapid exploitation of the flaw a practical concern for operators of exposed PI servers.

Generated by OpenCVE AI on April 17, 2026 at 20:26 UTC.

Remediation

Vendor Solution

AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users of affected product versions should apply security updates to mitigate the risk of exploit.

All impacted versions of PI Data Archive can be fixed by upgrading to PI Server 2024 R2 or later available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/8c9b0e8c-eb68-481f-b420-c87a253a4172 .

PI Data Archive delivered by PI Server 2018 SP3 Patch 7 and prior can be fixed by upgrading to PI Server 2018 SP3 Patch 8 or higher available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/79492560-7e4c-4800-8bd7-40cce61a17d2 .

The following general defensive measures are recommended:

  • Monitor liveness of services listed in your installation’s “\PI\adm\pisrvstart.bat”.
  • Set the PI Data Archive Subsystem services to automatically restart.
  • PI Data Archive nodes should limit port 5450 inbound access to trusted workstations, users, and software.

For additional information please refer to AVEVA-2026-002 ( https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-002.pdf ).


OpenCVE Recommended Actions

  • Upgrade to PI Server 2024 R2 or later, or to PI Server 2018 SP3 Patch 8 or newer if running an earlier version
  • Configure the PI Data Archive Subsystem services to restart automatically and routinely monitor their liveness using the pisrvstart.bat scripts
  • Restrict inbound traffic to port 5450 to only trusted workstations, users and software

Generated by OpenCVE AI on April 17, 2026 at 20:26 UTC.
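
The defensive measures above (limit inbound port 5450, automatic service restart, liveness monitoring) can be applied on a Windows PI Data Archive node roughly as follows. This is an added example, not taken from AVEVA or OpenCVE; the service names are placeholders to be filled in from pisrvstart.bat, the source addresses are constructed, and TCP is assumed for port 5450.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholders and constructed values are marked; replace them before use.

$Port           = 5450                                    # port named in the advisory (TCP assumed)
$TrustedSources = @('192.0.2.10', '192.0.2.32/28')        # constructed addresses: your trusted clients
$PiServices     = @('<pi-service-1>', '<pi-service-2>')   # placeholders: names from \PI\adm\pisrvstart.bat

# 1. List enabled inbound allow rules that already cover the port (exact-port rules only).
#    A scoped allow rule restricts access only if no broader rule (RemoteAddress Any) remains.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = $remote -join ',' }
    }

# 2. Allow the port only from the trusted sources.
New-NetFirewallRule -DisplayName "PI Data Archive $Port - trusted sources only" `
    -Direction Inbound -Protocol TCP -LocalPort $Port `
    -RemoteAddress $TrustedSources -Action Allow | Out-Null

# 3. Configure restart-on-failure for each service, then report liveness.
foreach ($name in $PiServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$name' not found; check the name against pisrvstart.bat"
        continue
    }
    # Restart 60 s after each failure; reset the failure counter after one day.
    sc.exe failure $name reset= 86400 actions= restart/60000/restart/60000/restart/60000 | Out-Null
    if ($svc.Status -ne 'Running') {
        Write-Warning "Service '$name' is $($svc.Status)"
    } else {
        Write-Output "Service '$name' is running"
    }
}
```

Any rule reported in step 1 with a RemoteAddress of Any has to be disabled or scoped before the new rule has a restricting effect. Run step 3 from a scheduled task to get recurring liveness checks.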

Advisories

No advisories yet.

History

Thu, 12 Feb 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Feb 2026 22:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Aveva; Aveva pi Data Archive Pi Server
Vendors & Products | | Aveva; Aveva pi Data Archive Pi Server

Tue, 10 Feb 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
Title | | Uncaught Exception vulnerability in AVEVA PI Data Archive
Weaknesses | | CWE-248
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-02-12T18:47:05.938Z

Reserved: 2026-01-27T20:22:05.820Z

Link: CVE-2026-1507

Vulnrichment

Updated: 2026-02-12T18:47:02.489Z

NVD

Status: Deferred

Published: 2026-02-10T21:16:01.647

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1507

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T20:30:15Z

Weaknesses