AVEVA PI Data Archive
Monitor · CVSS 7.5 · ICS-CERT ICSA-26-041-03 · Feb 10, 2026
AVEVA · OSIsoft
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in AVEVA PI Data Archive allows an attacker to crash subsystem services via a specially crafted request sent to port 5450, resulting in a denial-of-service condition. Affected versions: PI Server 2018 SP3 Patch 7 and earlier, 2023, 2023 Patch 1, and 2024.
What this means
What could happen
An attacker could trigger a denial-of-service condition on your PI Data Archive server, making it unavailable and disrupting real-time operational data collection and historian functions across your facility.
Who's at risk
Water utilities, electric utilities, and other process facilities that use AVEVA PI Data Archive to log sensor data and operational parameters. This affects your ability to collect and query historical operational data, which is critical for regulatory reporting, troubleshooting, and performance analysis.
How it could be exploited
An attacker with network access to port 5450 (PI RPC) on your PI Data Archive server can send a specially crafted request that causes a subsystem service to crash. If services are not set to auto-restart, the historian goes offline. If they do auto-restart, the attacker can repeat this to cause repeated disruptions to data logging.
Prerequisites
- Network access to port 5450 on PI Data Archive server
- No authentication required
remotely exploitable · no authentication required · low complexity · no patch available for some versions · affects data availability
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
4 pending
Product | Affected Versions | Fix Status
PI Data Archive PI Server | ≤ 2018 SP3 Patch 7 | No fix yet
PI Data Archive PI Server | 2023 | No fix yet
PI Data Archive PI Server | 2023 Patch 1 | No fix yet
PI Data Archive PI Server | 2024 | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Restrict inbound access to port 5450 on PI Data Archive nodes to only trusted workstations and engineering software
- HARDENING: Configure PI Data Archive Subsystem services (monitor via pisrvstart.bat) to automatically restart on failure
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade PI Server 2024 versions to 2024 R2 or later
- HOTFIX: Upgrade PI Server 2018 SP3 versions to 2018 SP3 Patch 8 or higher
- HARDENING: Monitor the liveness and restart status of PI Data Archive services listed in pisrvstart.bat on a regular basis
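One way to apply the workaround and hardening items above on the Windows host running PI Data Archive. This is an added example, not part of the advisory or AVEVA tooling. The trusted addresses are constructed samples and the service name is a placeholder to be replaced with the names listed in pisrvstart.bat.

```powershell
#Requires -RunAsAdministrator
# Added example, not AVEVA tooling. Replace the placeholder values before use.
$TrustedSources = @('192.0.2.10', '192.0.2.11')            # constructed sample addresses
$PiServices     = @('<service-name-from-pisrvstart.bat>')  # placeholder, not a real name

# --- Workaround: scope inbound TCP 5450 to trusted sources ---
# An extra allow rule restricts nothing while a broader allow rule exists, so
# list enabled inbound allow rules on 5450 that accept any remote address.
# (Exact-port match only; rules defined with port ranges need a manual check.)
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '5450' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            Write-Warning "Rule '$($_.DisplayName)' allows 5450 from any address; scope or disable it."
        }
    }
New-NetFirewallRule -DisplayName 'PI Data Archive 5450 - trusted sources' `
    -Direction Inbound -Protocol TCP -LocalPort 5450 `
    -RemoteAddress $TrustedSources -Action Allow | Out-Null

# --- Hardening: restart each service automatically after a failure ---
foreach ($svc in $PiServices) {
    # Restart 60 s after each failure; reset the failure counter after one day.
    sc.exe failure $svc reset= 86400 actions= restart/60000/restart/60000/restart/60000 | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not set recovery options for $svc" }
}

# --- Monitoring: liveness plus unexpected terminations in the last 24 hours ---
Get-Service -Name $PiServices -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# Service Control Manager logs 7031 and 7034 when a service terminates unexpectedly.
$crashes = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'
    Id = 7031, 7034; StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue
# The first message property is typically the service display name. Repeated hits
# for one service point to recurring crashes rather than a one-off fault.
$crashes | Group-Object { $_.Properties[0].Value } |
    Sort-Object Count -Descending | Select-Object Count, Name
```

Automatic restart keeps the historian collecting data but also hides crashes, so the event-log count is what shows whether a service is being brought down repeatedly.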
CVEs (1)