CVE-2025-64769
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aveva | pi_integrator_for_business_analytics | 2020_r2_sp1 |
| aveva | pi_web_api | * |
| aveva | pi_connector_for_cygnet | * |
| aveva | pi_data_archive | * |
| aveva | suitelink_server | * |
| aveva | historian_server | * |
| aveva | pi_af_client | * |
| aveva | edge | * |
| aveva | pi_server | * |
| aveva | operations_control_logger | * |
| aveva | plant_scada | * |
| aveva | telemetry_server | * |
| aveva | intouch_access_anywhere | * |
| aveva | system_platform | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the Process Optimization application suite uses connection channels and protocols that are not encrypted by default. This lack of encryption can allow attackers to hijack the connection or leak data through man-in-the-middle attacks or passive inspection.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive information, data leakage, or hijacking of communication channels within the affected Process Optimization applications. This can compromise confidentiality and integrity of data, potentially disrupting operations or exposing critical information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the latest security updates and patches provided by AVEVA for the affected products to address vulnerabilities including unencrypted connection channels. Refer to AVEVA's official cyber security updates page for the relevant patches and advisories. [1]