AVEVA PI Integrator for Business Analytics Arbitrary File Upload Vulnerability Allowing Code Execution
Vulnerability
A vulnerability exists in AVEVA PI Integrator for Business Analytics, specifically in version 2020 R2 SP1 and all prior versions. This vulnerability allows authenticated users with privileges to create or access publication targets of type Text File or HDFS to upload and persist files that could potentially be executed. This issue is categorized as an unrestricted file upload vulnerability, which could lead to arbitrary code execution.
Impact
Exploitation of this vulnerability could allow an authenticated user to upload files that may be executed on the server, potentially leading to unauthorized code execution.
Remediation
Users are advised to upgrade to AVEVA PI Integrator for Business Analytics version 2020 R2 SP2 or higher. Instructions for downloading the update are available on the OSIsoft Customer Portal.
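One way to review what a Text File publication target's output directory already contains is sketched below. This is an added example, not AVEVA's code or tooling. The directory location, the allow-listed extensions and all function names are assumptions, and HDFS targets are not covered.

```python
import codecs
import tempfile
from pathlib import Path

# Assumption: the only extensions a Text File publication should write here.
EXPECTED_EXTENSIONS = {".txt", ".csv"}
SNIFF_BYTES = 4096  # leading bytes of each file to inspect

def looks_like_text(path):
    """True if the leading block decodes as UTF-8 (no NULs) or BOM-marked UTF-16."""
    with open(path, "rb") as fh:
        head = fh.read(SNIFF_BYTES)
    is_utf16 = head.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE))
    if not is_utf16 and b"\x00" in head:
        return False
    decoder = codecs.getincrementaldecoder("utf-16" if is_utf16 else "utf-8")()
    try:
        decoder.decode(head, final=False)  # tolerate a character cut at the block edge
    except UnicodeDecodeError:
        return False  # other legacy encodings also land here and need a manual look
    return True

def audit_target_dir(root):
    """Return sorted (relative_path, reason) findings for files needing review."""
    root = Path(root)
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() not in EXPECTED_EXTENSIONS:
            findings.append((rel, "unexpected extension"))
        elif not looks_like_text(path):
            findings.append((rel, "content is not text"))
    return sorted(findings)

def build_sample_dir(root):
    """Constructed sample data: two normal outputs and two files to flag."""
    root = Path(root)
    (root / "daily").mkdir()
    (root / "daily" / "pump_view.csv").write_text("ts,value\n2024-01-01,1.5\n", encoding="utf-8")
    (root / "report.txt").write_text("rows written: 1\n", encoding="utf-8")
    (root / "daily" / "notes.bat").write_text("rem placeholder\n", encoding="utf-8")
    (root / "export.csv").write_bytes(b"\x7fBIN\x00\x01\x02" + bytes(32))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_dir(tmp)
        for rel, reason in audit_target_dir(tmp):
            print(f"REVIEW {rel}: {reason}")
```

Point `audit_target_dir` at the directory configured for each Text File target and treat every finding as something to review, not as proof of compromise.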
