AVEVA PI to CONNECT Agent
MonitorCVSS 6.5ICS-CERT ICSA-26-041-04Feb 10, 2026
AVEVAOSIsoft
Attack path
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
PI to CONNECT Agent versions up to v2.4.2520 expose proxy connection details (including username, password, and server address) in event logs. An attacker with local or network access to the Agent system can read these logs and obtain credentials to the proxy server, potentially gaining unauthorized access to downstream systems protected by that proxy.
What this means
What could happen
An attacker with local access to the PI to CONNECT Agent system could read exposed proxy credentials from event logs, potentially gaining unauthorized access to your PI proxy server and the systems it protects.
Who's at risk
Organizations using AVEVA PI to CONNECT Agent for data integration between PI data hubs and on-premises systems should assess their deployment. This affects users relying on the Agent for secure proxy communication with AVEVA CONNECT services.
How it could be exploited
An attacker with local or network access to the PI to CONNECT Agent system reads event logs to extract proxy connection credentials (username, password, server address). Using these credentials, the attacker connects to the proxy server to access downstream systems or intercept data.
Prerequisites
- Local or network access to the PI to CONNECT Agent system
- Ability to read event log files on the Agent system
- Standard or elevated user credentials on the Agent system
Credential exposure in logsNo authentication required to read log files if system access is obtainedAffects data hub connectivity and proxy trust
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
ProductAffected VersionsFix Status
PI to CONNECT Agent: <=v2.4.2520≤ v2.4.2520v2.5.2790 or higher
Remediation & Mitigation
0/4
Do now
0/2HARDENINGReview existing PI to CONNECT Agent event logs (current, backed up, and archived copies) for exposed proxy connection details (username, password, server address)
WORKAROUNDPurge or redact proxy credentials from discovered event log files
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpgrade PI to CONNECT Agent to version v2.5.2790 or higher
HARDENINGChange proxy service credentials after reviewing logs to invalidate any exposed passwords
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/3c04dc43-23f3-4223-80a5-22eab273ec57Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.