
AVEVA PI to CONNECT Agent Vulnerability Exposes Proxy Servers to Unauthorized Access (ICSA-26-041-04)

Source: CISA Cybersecurity Advisories

CISA warns of a critical vulnerability in AVEVA PI to CONNECT Agent (versions ≤2.12.1) enabling unauthorized proxy server access. Patch immediately.

AVEVA PI to CONNECT Agent Vulnerability Enables Unauthorized Proxy Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability in AVEVA PI to CONNECT Agent that could allow unauthorized access to proxy servers. The flaw, tracked under ICSA-26-041-04, affects all versions of the software up to and including 2.12.1.

Technical Details

The vulnerability, while not assigned a CVE ID in the advisory, poses a significant risk to organizations relying on AVEVA’s industrial software solutions. Successful exploitation could grant attackers access to internal proxy servers, potentially leading to further lateral movement or data exfiltration within compromised networks.

Affected versions include:

  • PI to CONNECT Agent ≤2.12.1

CISA’s advisory provides a CSAF (Common Security Advisory Framework) document for technical reference, though specific exploitation mechanics remain undisclosed.
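As an added example (not code from CISA or AVEVA), the sketch below reads an affected version range from a CSAF-style product tree and triages a host inventory against it. The CSAF fragment, the product ID, the host names and the inventory are constructed samples; only the "≤2.12.1" bound and the advisory ID come from this page, and the `<=X.Y.Z` range naming is an assumption about how the range is written.

```python
import re

# Constructed CSAF 2.0-style fragment; only the "<=2.12.1" bound comes from the page.
SAMPLE_CSAF = {
    "document": {"tracking": {"id": "ICSA-26-041-04"}},
    "product_tree": {"branches": [
        {"category": "vendor", "name": "AVEVA", "branches": [
            {"category": "product_name", "name": "PI to CONNECT Agent", "branches": [
                {"category": "product_version_range", "name": "<=2.12.1",
                 "product": {"name": "PI to CONNECT Agent <=2.12.1",
                             "product_id": "CSAFPID-0001"}}]}]}]},
}
# Constructed inventory: hostname -> installed agent version as reported.
SAMPLE_INVENTORY = {"hist-01": "2.12.1", "hist-02": "2.13.0",
                    "hist-03": "2.9", "hist-04": "unknown"}

def parse_version(text):
    """Turn '2.12.1' into (2, 12, 1); return None if not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def affected_bounds(branches, product, inside=False):
    """Walk the branch tree, collecting '<=' upper bounds under the product."""
    bounds = []
    for b in branches:
        here = inside or (b.get("category") == "product_name"
                          and b.get("name") == product)
        if here and b.get("category") == "product_version_range":
            m = re.search(r"<=\s*([\d.]+)$", b.get("name", ""))
            if m:
                bounds.append(parse_version(m.group(1)))
        bounds += affected_bounds(b.get("branches", []), product, here)
    return bounds

def triage(csaf, inventory, product="PI to CONNECT Agent"):
    """Label each host 'affected', 'ok', or 'review' (version not parseable)."""
    found = affected_bounds(csaf["product_tree"]["branches"], product)
    bounds = [b for b in found if b]
    result = {}
    for host, raw in inventory.items():
        v = parse_version(raw)
        if v is None or not bounds:
            result[host] = "review"  # never assume an unknown build is safe
            continue
        width = max(len(v), *(len(b) for b in bounds))
        pad = lambda t: t + (0,) * (width - len(t))  # 2.12.1 == 2.12.1.0
        hit = any(pad(v) <= pad(b) for b in bounds)
        result[host] = "affected" if hit else "ok"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_CSAF, SAMPLE_INVENTORY))
```

Hosts labelled `review` report a version string that could not be parsed and should be checked by hand rather than treated as patched.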

Impact Analysis

Unauthorized access to proxy servers can serve as a critical foothold for threat actors, particularly in operational technology (OT) environments. Attackers could:

  • Bypass network segmentation by leveraging the proxy as a pivot point.
  • Intercept or manipulate traffic passing through the proxy.
  • Escalate privileges if the proxy integrates with other critical systems.

Given AVEVA’s widespread use in industrial control systems (ICS), this vulnerability could have cascading effects on sectors such as energy, manufacturing, and water treatment.

Recommendations

CISA urges organizations to:

  1. Apply patches or mitigations provided by AVEVA immediately.
  2. Restrict access to the PI to CONNECT Agent to trusted networks only.
  3. Monitor proxy server logs for unusual activity, such as unauthorized connection attempts.
  4. Review network segmentation to limit the potential impact of a breach.

For further details, refer to the official CISA advisory (ICSA-26-041-04).
