AVEVA PI to CONNECT Agent Insertion of Sensitive Information into Log Files Vulnerability

Vulnerability

A vulnerability exists in AVEVA PI to CONNECT Agent versions through 2.4.2520, allowing an attacker with Event Log Reader privileges to access proxy details, including URLs and credentials, from the PI to CONNECT event log files. This could lead to unauthorized access to the proxy server.

Impact

Exploitation of this vulnerability could result in unauthorized access to the proxy server.

Added: Feb 11, 2026, 2:40 AM

Updated: Feb 11, 2026, 2:40 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

2.9

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

2.9

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AVEVA PI to CONNECT Agent Insertion of Sensitive Information into Log Files Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating