CVE-2025-4418

Summary

An improper validation of integrity check value vulnerability exists in

AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges to modify PI Connector for CygNet local data files (cache and buffers) in a way that causes the connector service to become unresponsive.

Affected Software

VendorProductVersion RangeStatus
AVEVAPI Connector for CygNet0 <= 1.6.14affected

Weaknesses

  • CWE-354: CWE-354

Workarounds

AVEVA further recommends users follow general defensive measures:

  • Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.

  • Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.

  • Audit and limit membership to the OS Local "Administrators" and "PI Connector Administrators" groups.

For additional information please refer to AVEVA-2025-002 https://www.aveva.com/en/support-and-success/cyber-security-updates/

.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References