CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Description (NVD)
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. Depending on the timing of the crash, data present in snapshots/write cache may be lost.
Analysis (AI)
CVE-2025-44019 is an uncaught exception vulnerability in AVEVA PI Data Archive that allows authenticated users to crash critical subsystems, causing denial of service and potential data loss in write caches. The vulnerability affects AVEVA PI Data Archive products across multiple versions and requires valid credentials to exploit, making it a medium-to-high risk for organizations relying on AVEVA's industrial data infrastructure.
Technical Context (AI)
This vulnerability is a case of improper exception handling (CWE-248: Uncaught Exception) within AVEVA PI Data Archive subsystems. PI Data Archive is a time-series database platform critical to SCADA and industrial control systems, managing real-time and historical process data. The uncaught exception allows an authenticated attacker to trigger an unhandled error condition that cascades through necessary subsystems, forcing their termination. The root cause stems from insufficient input validation or error boundary handling in subsystem communication logic. PI Data Archive CPE typically follows: cpe:2.3:a:aveva:pi_data_archive:*:*:*:*:*:*:*:* with various version strings. The timing-dependent data loss in snapshots and write caches indicates the vulnerability impacts the in-memory buffering layer responsible for atomically persisting data to disk.
Remediation (AI)
Patching (priority: Critical): Apply AVEVA security patches for PI Data Archive addressing CVE-2025-44019. Consult AVEVA Product Security Advisories and update to patched versions immediately upon release.
Access Control (priority: High): Restrict PI Data Archive user accounts using principle of least privilege. Audit and remove unnecessary authenticated access, particularly from shared or service accounts. Implement role-based access control (RBAC) if supported.
Network Segmentation (priority: High): Isolate PI Data Archive servers within DMZ or industrial network segments. Restrict inbound network access to trusted systems and operator workstations only. Disable unnecessary network interfaces if PI Data Archive supports local-only operation.
Monitoring & Detection (priority: Medium): Enable audit logging for PI Data Archive subsystem crashes and authenticated user activity. Monitor for repeated authentication failures or unusual API calls that may indicate exploitation attempts. Alert on unexpected subsystem restarts.
Backup Strategy (priority: Medium): Implement frequent snapshots and backups of PI Data Archive write cache and snapshots to mitigate data loss from subsystem crashes. Test restore procedures regularly.
EUVD-2025-18213