AVEVA PI Connector for CygNet Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet, affecting versions through 1.6.14. This vulnerability allows an administrator with local access to the connector admin portal to inject and persist arbitrary JavaScript code. The injected code would be executed by other users who visit the affected pages.

Impact

Exploitation of this vulnerability could result in malicious scripts being injected and then executed in the context of the user's browser.

Remediation

Users can upgrade to PI Connector for CygNet version 1.7.0 or higher to address this vulnerability. For additional information, refer to the AVEVA Security Bulletin AVEVA-2025-002.

Added: Jun 12, 2025, 8:22 PM
Updated: Jun 12, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 1.7
exploitability: 3.0
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.