- What is the severity of CVE-2023-34348?
- CVE-2023-34348 has been scored as a high severity vulnerability.
- How to fix CVE-2023-34348?
- To fix CVE-2023-34348: All affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for “PI Server” and select version “2023 Patch 1”. For an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for “PI Server” and select version “2018 SP3 Patch 6”. AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible. AVEVA recommends the following defensive measures: * Set the PI Message Subsystem to auto restart. * Monitor the memory usage of the PI Message Subsystem. * Limit network access to port 5450 to trusted workstations and software * Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools. For more information on this vulnerability, including security updates, users should see security bulletin AVEVA-2024-001 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf .
- Is CVE-2023-34348 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2023-34348 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2023-34348?
- CVE-2023-34348 affects Aveva PI Server.