PatchSiren

CVE-2023-31274 Rockwell Automation CVE debrief

CVE-2023-31274 is a high-severity vulnerability in Rockwell Automation FactoryTalk Historian SE, published on 2024-05-09. The product incorporates the AVEVA PI Server, which contains a memory exhaustion flaw in its PI Message Subsystem. An unauthenticated remote attacker can exploit this vulnerability to trigger a partial denial-of-service condition by consuming available memory. Successful exploitation renders FactoryTalk Historian SE unavailable and requires a physical power cycle to restore operation. The vulnerability affects FactoryTalk Historian SE versions 9.0 and earlier. Rockwell Automation addresses the issue in version 9.01 or higher.

Vendor: Rockwell Automation
Product: FactoryTalk Historian SE
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-01-18
Original CVE updated: 2024-01-18
Advisory published: 2024-01-18
Advisory updated: 2024-01-18

Who should care

Organizations operating Rockwell Automation FactoryTalk Historian SE in industrial control system environments, particularly those with externally accessible or poorly segmented PI Server deployments. Critical infrastructure operators in manufacturing, energy, and process industries relying on historian data availability for operational decision-making.

Technical summary

The vulnerability exists in the AVEVA PI Server component used by FactoryTalk Historian SE. The PI Message Subsystem does not properly constrain memory allocation from unauthenticated network sources, allowing an attacker to exhaust available system memory. This results in a partial denial-of-service condition that requires a power cycle to recover. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates network accessibility with low attack complexity, no privileges required, and high availability impact.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade FactoryTalk Historian SE to version 9.01 or higher as soon as feasible
  • Apply network segmentation to limit exposure of PI Server components
  • Monitor PI Message Subsystem memory utilization for anomalous consumption patterns
  • Implement defense-in-depth controls per CISA ICS recommended practices
  • Review AVEVA security bulletins AVEVA-2024-001 and AVEVA-2024-002 for additional product guidance
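
One way to implement the memory-monitoring action above, as an added example that is not PatchSiren, Rockwell Automation or AVEVA code. It assumes you already collect per-interval working-set samples for the PI Message Subsystem process; the function name, thresholds and sample series are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    index: int   # sample index at which the rule first fired
    rule: str    # "sustained_growth" or "ceiling"
    detail: str

def detect_memory_anomalies(samples_mb, host_total_mb, window=6,
                            min_growth_mb=200.0, ceiling_fraction=0.6):
    """Flag anomalous memory consumption in a series of periodic samples.

    samples_mb: working-set size (MB) of the monitored process, one value
                per polling interval (collection itself is out of scope).
    Rules (thresholds are assumptions to tune per site):
      sustained_growth: memory rose at every step of the last `window`
                        samples and gained at least `min_growth_mb` overall.
      ceiling:          the process holds more than `ceiling_fraction`
                        of host memory.
    Each rule alerts once per episode, not once per sample.
    """
    alerts = []
    growth_active = ceiling_active = False
    for i, value in enumerate(samples_mb):
        recent = samples_mb[max(0, i - window + 1): i + 1]
        rising = (len(recent) == window
                  and all(b > a for a, b in zip(recent, recent[1:]))
                  and recent[-1] - recent[0] >= min_growth_mb)
        if rising and not growth_active:
            gain = recent[-1] - recent[0]
            alerts.append(Alert(i, "sustained_growth",
                                f"+{gain:.0f} MB over {window} samples"))
        growth_active = rising
        over = value > ceiling_fraction * host_total_mb
        if over and not ceiling_active:
            alerts.append(Alert(i, "ceiling",
                                f"{value:.0f} MB of {host_total_mb:.0f} MB"))
        ceiling_active = over
    return alerts

# Constructed sample data (MB), not measurements from a real historian.
NORMAL = [410, 415, 408, 420, 412, 418, 411, 416, 409, 414]
EXHAUSTION = [410, 415, 412, 480, 610, 790, 1020, 1400, 1950, 2700, 3600, 5200]

if __name__ == "__main__":
    for name, series in (("normal", NORMAL), ("exhaustion", EXHAUSTION)):
        for a in detect_memory_anomalies(series, host_total_mb=8192):
            print(name, a.index, a.rule, a.detail)
```

The growth rule fires well before the ceiling rule on the constructed exhaustion series, which is the useful property when recovery requires a power cycle.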

Evidence notes

Vulnerability disclosed via CISA ICS Advisory ICSA-24-130-01 on 2024-05-09. Affects FactoryTalk Historian SE ≤v9.0. Root cause is memory exhaustion in AVEVA PI Server's PI Message Subsystem. Vendor fix available in version 9.01 or higher.
