AVEVA — Vulnerabilities & Security Advisories 46

Browse all 46 CVE security advisories affecting AVEVA. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AVEVA provides industrial software solutions, primarily focusing on process simulation, asset performance management, and engineering design for sectors like oil and gas, chemicals, and pharmaceuticals. Its platform integrates complex operational technology with enterprise information systems, creating a broad attack surface for cyber threats. Historical vulnerability assessments reveal a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from legacy components or improper input validation within its web-based interfaces. While no catastrophic public breaches have been widely attributed solely to AVEVA software, the high volume of recorded CVEs indicates persistent security hygiene challenges. These defects frequently allow unauthenticated attackers to gain unauthorized access or disrupt critical industrial operations, underscoring the necessity for rigorous patch management and network segmentation in environments utilizing these industrial control systems.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization | Pipeline Simulation 2025 | CWE-862 | 9.8 | - | 2026-04-15 |
| CVE-2026-1507 | Uncaught Exception vulnerability in AVEVA PI Data Archive | PI Data Archive PI Server | CWE-248 | 7.5 | High | 2026-02-10 |
| CVE-2026-1495 | Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent | PI to CONNECT Agent | CWE-532 | 6.5 | Medium | 2026-02-10 |
| CVE-2025-64769 | AVEVA Process Optimization Cleartext Transmission of Sensitive Information | Process Optimization | CWE-319 | 7.1 | High | 2026-01-16 |
| CVE-2025-65117 | AVEVA Process Optimization Use of Potentially Dangerous Function | Process Optimization | CWE-676 | 7.4 | High | 2026-01-16 |
| CVE-2025-64729 | AVEVA Process Optimization Missing Authorization | Process Optimization | CWE-862 | 8.1 | High | 2026-01-16 |
| CVE-2025-65118 | AVEVA Process Optimization Uncontrolled Search Path Element | Process Optimization | CWE-427 | 8.8 | High | 2026-01-16 |
| CVE-2025-61943 | AVEVA Process Optimization SQL Injection | Process Optimization | CWE-89 | 8.4 | High | 2026-01-16 |
| CVE-2025-64691 | AVEVA Process Optimization Code Injection | Process Optimization | CWE-94 | 8.8 | High | 2026-01-16 |
| CVE-2025-61937 | AVEVA Process Optimization Code Injection | Process Optimization | CWE-94 | 10.0 | Critical | 2026-01-16 |
| CVE-2025-8386 | AVEVA Application Server IDE Basic Cross-site Scripting | Application Server | CWE-80 | 6.9 | Medium | 2025-11-14 |
| CVE-2025-9317 | AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm | Edge | CWE-327 | 8.4 | High | 2025-11-14 |
| CVE-2025-54460 | AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type | PI Integrator | CWE-434 | 7.1 | High | 2025-08-21 |
| CVE-2025-41415 | AVEVA PI Integrator Insertion of Sensitive Information into Sent Data | PI Integrator | CWE-201 | 6.5 | Medium | 2025-08-21 |
| CVE-2025-36539 | AVEVA PI Data Archive Uncaught Exception | PI Data Archive | CWE-248 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-44019 | AVEVA PI Data Archive Uncaught Exception | PI Data Archive | CWE-248 | 7.1 | High | 2025-06-12 |
| CVE-2025-2745 | AVEVA PI Web API Cross-site Scripting | PI Web API | CWE-79 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-4418 | AVEVA PI Connector for CygNet Improper Validation of Integrity Check Value | PI Connector for CygNet | CWE-354 | 4.4 | Medium | 2025-06-12 |
| CVE-2025-4417 | AVEVA PI Connector for CygNet Cross-site Scripting | PI Connector for CygNet | CWE-79 | 5.5 | Medium | 2025-06-12 |
| CVE-2024-6456 | SQL Injection vulnerability in AVEVA Historian Server | Historian Web Server | CWE-89 | 8.8 (AI) | High (AI) | 2024-08-15 |
| CVE-2024-7113 | Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server | SuiteLink Server | CWE-770 | 4.3 (AI) | Medium (AI) | 2024-08-13 |
| CVE-2024-3468 | Deserialization of Untrusted Data in AVEVA PI Web API | PI Web API | CWE-502 | 8.8 (AI) | High (AI) | 2024-06-12 |
| CVE-2024-3467 | Deserialization of Untrusted Data in AVEVA PI Asset Framework Client | PI Asset Framework Client | CWE-502 | 8.8 (AI) | High (AI) | 2024-06-12 |
| CVE-2023-6132 | AVEVA Edge products Uncontrolled Search Path Element | AVEVA Edge | CWE-427 | 7.3 | High | 2024-02-29 |
| CVE-2023-34348 | Improper Check or Handling of Exceptional Conditions in Aveva PI Server | PI Server | CWE-703 | 7.5 | High | 2024-01-18 |
| CVE-2023-31274 | Missing Release of Resource after Effective Lifetime vulnerability in Aveva PI Server | PI Server | CWE-772 | 5.3 | Medium | 2024-01-18 |
| CVE-2022-36970 | AVEVA Edge security vulnerability | Edge | CWE-356 | 7.8 | - | 2023-03-29 |
| CVE-2022-36969 | AVEVA Edge code issue vulnerability | Edge | CWE-611 | 5.5 | - | 2023-03-29 |
| CVE-2022-28688 | AVEVA Edge code issue vulnerability | Edge | CWE-427 | 7.8 | - | 2023-03-29 |
| CVE-2022-28687 | AVEVA Edge code issue vulnerability | Edge | CWE-427 | 7.8 | - | 2023-03-29 |

This page lists every published CVE security advisory associated with AVEVA. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.