AVEVA PI Connector for CygNet

MonitorCVSS 5.5ICS-CERT ICSA-25-162-09Jun 12, 2025

AVEVA

Attack path

Attack VectorLocal

Auth RequiredHigh

ComplexityLow

User InteractionRequired

Summary

PI Connector for CygNet versions 1.6.14 and earlier contain code injection and data validation vulnerabilities (CWE-79, CWE-354) in the administrative portal. An attacker with local administrative access could inject arbitrary code that persists in the portal or trigger a denial-of-service condition affecting the connector's availability and control system communication. These vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker with local administrative access to the server could inject malicious code into the administrative portal, potentially maintaining persistence and altering CygNet process control parameters, or trigger a denial-of-service condition that disrupts communication with CygNet monitoring systems.

Who's at risk

Water utilities and industrial facilities running AVEVA PI Connector for CygNet for process monitoring and data integration are affected. This includes operations teams managing CygNet water quality, flow, or pressure monitoring systems that rely on the PI data historian for real-time and historical analytics.

How it could be exploited

An attacker must have local access to the PI Connector for CygNet server and administrative privileges (membership in OS Administrators or PI Connector Administrators groups). They can then exploit the CWE-79 and CWE-354 vulnerabilities in the administrative portal to inject and persist arbitrary code, or cause the service to become unresponsive.

Prerequisites

Local access to the PI Connector for CygNet server
Membership in OS Local Administrators group or PI Connector Administrators group
Affected product version 1.6.14 or earlier

requires local access and high-privilege credentialsinjection vulnerabilities (CWE-79, CWE-354) in administrative interfaceno patch available for versions below 1.7.0 means affected systems remain vulnerable until updated

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

PI Connector for CygNet: <=1.6.14≤ 1.6.141.7.0 or higher

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGRestrict PI Connector for CygNet administrative access to trusted personnel only

HARDENINGAudit and restrict membership in OS Local Administrators and PI Connector Administrators groups to necessary users only

HARDENINGReview and enforce restrictive Access Control Lists (ACLs) on the PI Connector for CygNet installation folder to limit to trusted entities

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PI Connector for CygNet to version 1.7.0 or higher from the OSISoft Customer Portal

CVEs (2)

CVE-2025-4417 CVE-2025-4418

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/391b6c99-3fda-4318-89d2-169c4ccb0a24

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.