OTPulse

AVEVA PI Data Archive

Monitor · CVSS 7.5 · ICS-CERT ICSA-26-041-03 · Feb 10, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in AVEVA PI Data Archive allows an unauthenticated attacker with network access to port 5450 to craft a request that causes the PI Data Archive service to stop responding. The vulnerability is caused by improper handling of input (CWE-248). Successful exploitation results in service unavailability and loss of real-time data archiving capability. AVEVA has released patches for affected versions and recommends upgrading to mitigate the risk.

What this means
What could happen
An attacker can send a specially crafted request to PI Data Archive, causing the service to become unavailable and stop archiving operational data. This could disrupt your ability to monitor or recover historical process information.
Who's at risk
Water and electric utilities using AVEVA PI Data Archive for operational data collection and historical archiving. Affects organizations running PI Server versions 2018 SP3 Patch 7, 2023, 2023 Patch 1, or 2024.
How it could be exploited
An attacker with network access to port 5450 on the PI Data Archive server sends a malicious request that triggers a denial-of-service condition. The request does not require authentication or user interaction.
Prerequisites
  • Network access to TCP port 5450 on PI Data Archive server
  • No authentication required
Tags: remotely exploitable · no authentication required · low complexity · high availability impact
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 pending
Product | Affected Versions | Fix Status
PI Data Archive PI Server: <=2018_SP3_Patch_7 | ≤ 2018 SP3 Patch 7 | No fix yet
PI Data Archive PI Server: 2023 | 2023 | No fix yet
PI Data Archive PI Server: 2023_Patch_1 | 2023 Patch 1 | No fix yet
PI Data Archive PI Server: 2024 | 2024 | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict inbound access to port 5450 on PI Data Archive nodes to only trusted workstations, users, and software via firewall rules
  • HARDENING: Configure PI Data Archive Subsystem services to automatically restart on failure
  • HARDENING: Monitor liveness of services defined in your installation's "\PI\adm\pisrvstart.bat" file
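
The three "Do now" items can be scripted on the PI Data Archive node. The PowerShell below is an added example, not AVEVA or OTPulse code; it assumes pisrvstart.bat starts each service with a `net start <name>` line, and the parameter names, restart timings and rule display name are chosen here.

```powershell
#Requires -RunAsAdministrator
param(
    # Full path to your installation's \PI\adm\pisrvstart.bat (drive and folder vary).
    [Parameter(Mandatory)] [string]   $StartScript,
    # Addresses allowed to reach TCP 5450, e.g. 192.0.2.10 (placeholder).
    [Parameter(Mandatory)] [string[]] $TrustedClients
)

# Assumption: the start script launches each service with a "net start <name>" line.
$services = Get-Content -LiteralPath $StartScript |
    ForEach-Object { if ($_ -match '^\s*net\s+start\s+"?([^"\s]+)"?') { $Matches[1] } } |
    Sort-Object -Unique

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "$name is in the start script but is not installed"; continue }

    # Recovery: restart 60 s after each failure; reset the failure counter after one day.
    sc.exe failure $name reset= 86400 actions= restart/60000/restart/60000/restart/60000 | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not set recovery actions for $name" }

    # Liveness: report anything not Running so a scheduled run can raise an alert.
    if ($svc.Status -ne 'Running') { Write-Warning "$name is $($svc.Status)" }
}

# Audit: an enabled inbound allow rule naming port 5450 with RemoteAddress Any defeats
# the allowlist. Rules scoped by program or by "any port" are not caught by this check.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | Where-Object {
    ($_ | Get-NetFirewallPortFilter).LocalPort -contains '5450' -and
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
} | ForEach-Object { Write-Warning "Rule '$($_.DisplayName)' allows 5450 from any address" }

# Allow the trusted clients only (relies on the profile's default inbound action being Block).
New-NetFirewallRule -DisplayName 'PI Data Archive 5450 (trusted clients only)' `
    -Direction Inbound -Protocol TCP -LocalPort 5450 `
    -RemoteAddress $TrustedClients -Action Allow | Out-Null
```

Re-running the script creates a second firewall rule with the same display name, so schedule only the service loop if you use it for recurring monitoring.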
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade PI Server 2018 SP3 Patch 7 or earlier to PI Server 2018 SP3 Patch 8 or higher
  • HOTFIX: Upgrade PI Server 2023 or 2024 versions to PI Server 2024 R2 or later
AVEVA PI Data Archive | CVSS 7.5 - OTPulse