AVEVA PI Integrator Insertion of Sensitive Information into Sent Data

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The vulnerability, if exploited, could allow an authenticated miscreant
(with privileges to access publication targets) to retrieve sensitive
information that could then be used to gain additional access to
downstream resources.

Basic Information

ID CVE-2025-41415

Source icscert

Published Aug 21, 2025 at 19:57

Modified Aug 21, 2025 at 20:13

Affected Product

Vendor AVEVA

Product PI Integrator

Affected Versions AVEVA PI Integrator 0

CWE Classification

CWE-201

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privileges to access publication targets) to retrieve sensitive \ninformation that could then be used to gain additional access to \ndownstream resources.",
    "published": "2025-08-21T19:57:26.099Z",
    "modified": "2025-08-21T20:13:40.413Z",
    "type": "cve",
    "title": "AVEVA PI Integrator Insertion of Sensitive Information into Sent Data",
    "source": "icscert",
    "references": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-004.pdf\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04",
    "id": "CVE-2025-41415",
    "bulletinFamily": "",
    "cwe": [
        "CWE-201"
    ],
    "cvelist": null,
    "sourceData": "AVEVA PI Integrator 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PI Integrator",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

AVEVA PI Integrator Insertion of Sensitive Information into Sent Data_CVE-2025-41415