AVEVA PI Data Archive

Plan PatchCVSS 7.1ICS-CERT ICSA-25-162-07Jun 12, 2025

AVEVAOSIsoft

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

CVE-2025-44019 and CVE-2025-36539 affect AVEVA PI Data Archive and PI Server. These vulnerabilities allow an authenticated user with network access to trigger an unhandled exception or resource exhaustion condition that causes a denial-of-service, shutting down the data archive subsystem and preventing collection of real-time process data.

What this means

What could happen

An attacker with network and login access could trigger a denial-of-service condition on your PI Data Archive or PI Server, disrupting data collection from field devices and potentially causing alarms or automation logic to fail due to lack of real-time process data.

Who's at risk

Organizations operating AVEVA PI Data Archive or PI Server for industrial process data collection and trending should prioritize this. This affects any facility using PI for SCADA data logging, energy management, water/wastewater monitoring, or manufacturing process control.

How it could be exploited

An attacker with valid user credentials and network access to the PI Server or PI Data Archive sends a specially crafted request that triggers an unhandled exception or resource exhaustion, causing the service to crash or become unresponsive.

Prerequisites

Valid user account credentials for PI Server or PI Data Archive
Network access to the PI Server on the data archive port (typically TCP 5450)
Ability to send crafted API or protocol requests to the archive

remotely exploitableauthentication required (reduces immediate risk)low complexity exploitationhigh availability impact (denial-of-service)affects data integrity and operational visibility

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

PI Data Archive: <=2018_SP3_Patch_4≤ 2018 SP3 Patch 42024 or higher (or 2018 SP3 Patch 7 or higher)

PI Server: <=2018_SP3_Patch_6≤ 2018 SP3 Patch 62024 or higher (or 2018 SP3 Patch 7 or higher)

PI Data Archive: 202320232024 or higher (or 2018 SP3 Patch 7 or higher)

PI Data Archive: 2023_Patch_12023 Patch 12024 or higher (or 2018 SP3 Patch 7 or higher)

PI Server: 202320232024 or higher (or 2018 SP3 Patch 7 or higher)

PI Server: 2023_Patch_12023 Patch 12024 or higher (or 2018 SP3 Patch 7 or higher)

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to PI Server ports to only authorized engineering workstations and systems that require data archive connectivity

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade PI Data Archive to version 2024 or higher

HOTFIXUpgrade PI Server to version 2024 or higher

HOTFIXIf upgrading to 2024 is not immediately feasible, upgrade PI Server to 2018 SP3 Patch 7 or higher as an interim fix

Long-term hardening

0/1

HARDENINGReview and disable unnecessary user accounts on PI Server and PI Data Archive to limit the number of credentials that could be compromised

CVEs (2)

CVE-2025-44019 CVE-2025-36539

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5111c470-5a07-4400-a835-0893561efeef

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.