PatchSiren cyber security CVE debrief
CVE-2024-3467 AVEVA CVE debrief
CVE-2024-3467 is a high-severity vulnerability in AVEVA PI Asset Framework Client that enables arbitrary code execution when an attacker socially engineers an interactive user into importing malicious XML. Published on June 11, 2024, this vulnerability carries a CVSS 3.1 score of 7.3 and requires local access with low attack complexity. The attack vector depends on user interaction—specifically, convincing a user to import untrusted XML into PI System Explorer. Once executed, malicious code runs with the privileges of the compromised interactive user, potentially leading to complete confidentiality, integrity, and availability compromise of the local environment. The vulnerability affects PI Asset Framework Client 2023 and versions through 2018 SP3 P04. AVEVA has released patches addressing this issue, with the recommended fix being an upgrade to PI AF Client 2023 Patch 1 or later. An alternative path exists for legacy deployments via 2018 SP3 Patch 5. Defensive measures include running PI System Explorer with least-privilege accounts and establishing verification procedures for XML import sources.
- Vendor
- AVEVA
- Product
- PI Asset Framework Client
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-06-11
Who should care
Organizations operating AVEVA PI System infrastructure in industrial environments, particularly those with: (1) engineering workstations running PI System Explorer, (2) operational technology (OT) environments where PI Asset Framework is deployed for process data management, (3) users with administrative or elevated privileges on PI client systems, and (4) environments where external XML configurations or templates are routinely imported. Critical infrastructure operators in energy, manufacturing, and water/wastewater sectors using AVEVA PI systems should prioritize assessment due to potential operational technology impact.
Technical summary
The vulnerability exists in the XML import functionality of PI System Explorer, the client component of AVEVA PI Asset Framework. When a user imports attacker-supplied XML, embedded malicious code executes within the PI System Explorer environment. The attack requires: (1) local access to a system with PI Asset Framework Client installed, (2) an interactive user session with privileges to operate PI System Explorer, and (3) successful social engineering to induce XML import. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) reflects local attack vector, low complexity, required user interaction, and high impact across confidentiality, integrity, and availability dimensions. No network exploitation path exists; attack surface is limited to authenticated local users with social engineering susceptibility.
Defensive priority
high
Recommended defensive actions
- Upgrade to PI AF Client 2023 Patch 1 or later as the primary remediation path
- For legacy environments, deploy PI AF Client 2018 SP3 Patch 5 or later
- Configure PI System Explorer to run under least-privilege interactive accounts
- Implement procedural controls to verify XML source trustworthiness before import
- Review and apply AVEVA security advisory AVEVA-2024-004 for additional guidance
- Monitor CISA ICS advisories for related industrial control system security updates
Evidence notes
Vulnerability details sourced from CISA ICS Advisory ICSA-24-163-03 published June 11, 2024. CVSS vector AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H confirmed via official advisory. Affected product versions and remediation guidance extracted from CSAF remediation entries.
Official resources
-
CVE-2024-3467 CVE record
CVE.org
-
CVE-2024-3467 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-06-11