AVEVA PI Connector for CygNet

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to persist arbitrary code in the administrative portal of the product or cause a denial-of-service condition.

CVEs (2)

Remediations

• AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected product versions should apply security updates to mitigate the risk of exploit.
• All affected versions of PI Connector for CygNet can be fixed by upgrading to PI Connector for CygNet v1.7.0 or higher. From OSISoft Customer Portal, search for "PI Connector for CygNet" and select Version 1.7.0 or higher.
• AVEVA further recommends users follow general defensive measures:
• Ensure that PI Connector for CygNet administrative access is only provided to trusted entities.
• Audit custom installation folder Access Control Lists (ACLs) to ensure access is only provided to trusted entities.
• Audit and limit membership to the OS Local "Administrators" and "PI Connector Administrators" groups.
• For additional information please refer to AVEVA-2025-002.

Affected Vendors

Affected Products (1)

Affected Sectors

Critical Manufacturing