OTPulse
FeedAboutContact

AVEVA PI Integrator

Plan Patch7.6ICS-CERT ICSA-25-224-04Aug 12, 2025
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

AVEVA PI Integrator for Business Analytics versions 2020 R2 SP1 and earlier contain file upload and information disclosure vulnerabilities. An authenticated user can upload arbitrary files through the publication target configuration and execute code on the server, or access sensitive information processed by the analytics platform. The vulnerabilities stem from improper file handling (CWE-434) and exposure of sensitive data (CWE-201).

What this means
What could happen
An attacker with valid credentials could upload and execute arbitrary files on the PI Integrator server, potentially allowing them to compromise the analytics platform and access sensitive operational data or alter how production information is published.
Who's at risk
Organizations using AVEVA PI Integrator for Business Analytics should care about this vulnerability. It affects the analytics and data publication layer of PI systems used in utilities, manufacturing, and process industries to aggregate and distribute operational data. Anyone relying on PI Integrator to publish production metrics, KPIs, or historical data should evaluate their exposure and access controls.
How it could be exploited
An authenticated user (or attacker with compromised credentials) accesses the PI Integrator web interface and uploads a malicious file through the publication target configuration. The file is executed on the server, giving the attacker the ability to run commands or access sensitive information processed by the analytics platform.
Prerequisites
  • Valid credentials for PI Integrator web interface
  • Network access to PI Integrator web application (typically TCP 80/443)
  • User interaction required (attacker or compromised user must initiate file upload through web interface)
Requires valid credentialsUser interaction required (malicious file must be uploaded via web interface)No patch available for current deploymentsAffects data integrity and confidentiality of operational analytics
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
PI Integrator for Business Analytics: <=2020_R2_SP1_.≤ 2020 R2 SP1 .2020 R2 SP2 or higher
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGAudit and restrict assigned permissions to PI Integrator—ensure only trusted users have access rights to publication targets
HARDENINGConfigure Text File and HDFS publication targets to limit allowed output file extensions and restrict output folders away from critical system paths and executable locations
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade PI Integrator for Business Analytics to version 2020 R2 SP2 or higher
Long-term hardening
0/2
HARDENINGDeploy Windows Defender Application Control (WDAC) to prevent execution of unauthorized executables on PI Integrator servers
HARDENINGPlace PI Integrator behind a firewall and isolate from the internet; restrict network access to authorized admin and engineering workstations only
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/64ce6caf-205f-4957-89e5-f00fff2856d1
AVEVA PI Integrator | CVSS 7.6 - OTPulse