CVE-2025-4418
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
An improper validation of integrity check value vulnerability exists in
AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges to modify PI Connector for CygNet local data files (cache and buffers) in a way that causes the connector service to become unresponsive.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AVEVA | PI Connector for CygNet | 0 <= 1.6.14 | affected |
Weaknesses
- CWE-354: CWE-354
Workarounds
AVEVA further recommends users follow general defensive measures:
Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.
Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.
Audit and limit membership to the OS Local "Administrators" and "PI Connector Administrators" groups.
For additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/
.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.