PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-1507 AVEVA CVE debrief

CVE-2026-1507 is a high-severity availability issue in AVEVA PI Data Archive / PI Server. According to the CISA CSAF advisory, an unauthenticated attacker can trigger an uncaught exception that may remotely crash core PI services, resulting in denial of service. For industrial and OT environments, the main concern is service disruption rather than data theft or code execution.

Vendor: AVEVA
Product: PI Data Archive / PI Server
CVSS: 7.5 (High)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-02-10
Advisory published: 2026-02-10
Advisory updated: 2026-02-10

Who should care

Organizations running AVEVA PI Data Archive / PI Server, especially industrial control and OT teams responsible for availability of PI services. Sites using PI Data Archive delivered by PI Server 2018 SP3 Patch 7 or earlier should treat this as urgent.

Technical summary

The advisory describes an uncaught exception in affected PI Data Archive products. Because the condition can be reached remotely without authentication, an attacker could crash core PI services and disrupt availability. The provided CVSS vector reflects network reachability, no privileges or user interaction required, and high availability impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Defensive priority

High. The issue is remotely reachable, requires no authentication, and affects service availability in OT environments where PI services may be operationally critical.

Recommended defensive actions

  • Upgrade affected PI Data Archive installations to PI Server 2024 R2 or later, as recommended by AVEVA.
  • If you are running PI Server 2018 SP3 Patch 7 or earlier, upgrade to PI Server 2018 SP3 Patch 8 or higher.
  • Monitor the liveness of services listed in the installation's \PI\adm\pisrvstart.bat file.
  • Configure PI Data Archive subsystem services to automatically restart.
  • Restrict inbound access to PI Data Archive port 5450 to trusted workstations, users, and software.
  • Review and follow the AVEVA security bulletin referenced in the advisory for environment-specific guidance.
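The following PowerShell script is an added example, not code from the CISA advisory, AVEVA or PatchSiren. It shows one way to carry out the host-side actions above on a Windows PI Data Archive node: read the core service list from pisrvstart.bat, check that each service is running, configure Service Control Manager recovery so a crashed subsystem restarts, scope inbound TCP 5450 to a trusted client list, and pull the SCM events that would indicate a service terminated unexpectedly. It assumes pisrvstart.bat starts each subsystem with a `net start <name>` line (verify against your own copy), uses a placeholder install path, and the trusted addresses and fallback service list are constructed for illustration.

```powershell
# Added example for CVE-2026-1507 hardening; assumptions are marked inline.
# Run in an elevated session and review each change before applying it.

$PiHome       = 'C:\Program Files\PI'              # placeholder; set to your install root
$StartScript  = Join-Path $PiHome 'adm\pisrvstart.bat'
$TrustedHosts = @('10.10.20.11', '10.10.20.12')     # constructed example client addresses
$PiPort       = 5450                                # PI Data Archive port named in the advisory

# 1. Derive the core service list from pisrvstart.bat.
#    Assumption: the file starts each subsystem with "net start <service>".
function Get-PiServicesFromStartScript {
    param([string]$Path)
    if (Test-Path $Path) {
        $lines = Get-Content $Path
    } else {
        # Constructed fallback so the parser can be exercised without a PI install.
        Write-Warning "Start script not found at $Path; using a constructed sample list."
        $lines = @('net start pinetmgr', 'net start pimsgss', 'net start pilicmgr',
                   'net start pibasess', 'net start pisnapss', 'net start piarchss')
    }
    $names = foreach ($line in $lines) {
        if ($line -match '^\s*net\s+start\s+"?([^"\s]+)"?') { $Matches[1] }
    }
    $names | Select-Object -Unique
}

# 2. Liveness check: one record per service, Healthy only when it is Running.
function Test-PiServiceLiveness {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        [pscustomobject]@{ Service = $name; Status = $status; Healthy = ($status -eq 'Running') }
    }
}

# 3. Automatic restart: SCM recovery actions via sc.exe (restart after each of the
#    first three failures, failure counter reset daily).
function Set-PiServiceAutoRestart {
    param([string[]]$Names, [int]$DelayMs = 60000)
    $actions = "restart/$DelayMs/restart/$DelayMs/restart/$DelayMs"
    foreach ($name in $Names) {
        & sc.exe failure $name reset= 86400 actions= $actions | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "sc.exe failure returned $LASTEXITCODE for $name" }
    }
}

# 4. Restrict inbound 5450 to trusted clients. Windows Firewall lets explicit block
#    rules override allow rules, so a scoped allow rule plus a Block default inbound
#    action is used instead of an allow/block pair; other rules opening the port are listed.
function Limit-PiPortInbound {
    param([string[]]$Allowed, [int]$Port)
    New-NetFirewallRule -DisplayName "PI Data Archive $Port - trusted clients" `
        -Direction Inbound -Protocol TCP -LocalPort $Port -RemoteAddress $Allowed -Action Allow | Out-Null
    Get-NetFirewallProfile | Where-Object { $_.DefaultInboundAction -ne 'Block' } |
        ForEach-Object { Write-Warning "Profile $($_.Name) default inbound action is $($_.DefaultInboundAction), not Block" }
    # Any other inbound allow rule on the port would widen access beyond the trusted list.
    Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq "$Port" } | Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -notlike '*trusted clients' } |
        Select-Object DisplayName, Enabled, Profile
}

# 5. Detection: SCM logs 7034 (terminated unexpectedly, no recovery) or 7031 (terminated,
#    recovery action taken); messages carry the service display name.
function Get-PiServiceCrashEvents {
    param([string[]]$Names, [int]$Hours = 24)
    $displayNames = @{}
    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $displayNames[$svc.DisplayName] = $name }
    }
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager';
        Id = 7031, 7034; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        foreach ($dn in $displayNames.Keys) {
            if ($e.Message -like "*$dn*") {
                [pscustomobject]@{ Time = $e.TimeCreated; EventId = $e.Id; Service = $displayNames[$dn] }
            }
        }
    }
}

$services = @(Get-PiServicesFromStartScript -Path $StartScript)
Test-PiServiceLiveness -Names $services | Format-Table -AutoSize
Set-PiServiceAutoRestart -Names $services
Limit-PiPortInbound -Allowed $TrustedHosts -Port $PiPort
Get-PiServiceCrashEvents -Names $services -Hours 24 | Format-Table -AutoSize
```

The liveness and crash-event functions are the ones worth scheduling: a run every few minutes that alerts on any `Healthy = $false` row or any 7031/7034 event for a PI subsystem gives a direct signal for the denial-of-service condition the advisory describes, independent of whether the restart configuration masked it.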

Evidence notes

All core claims are taken from the CISA CSAF advisory for ICSA-26-041-03 / CVE-2026-1507. The advisory states that affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services, causing denial of service. Remediation guidance in the same advisory includes upgrading to PI Server 2024 R2 or later, or to PI Server 2018 SP3 Patch 8 or higher for older deployments, plus defensive measures such as service monitoring, automatic restarts, and limiting inbound access to port 5450. Timing context uses the CVE published/modified date of 2026-02-10.

Official resources

Publicly disclosed by CISA on 2026-02-10 in ICS Advisory ICSA-26-041-03, which republishes AVEVA-2026-002.