BACK TO NEWS
CERT Advisories

AVEVA PI Data Archive Vulnerability Enables Denial-of-Service Attacks

2 min readSource: INCIBE-CERT

INCIBE-CERT warns of a critical DoS vulnerability in AVEVA's PI Data Archive, potentially disrupting industrial data operations.

AVEVA PI Data Archive Vulnerability Exposes Systems to Denial-of-Service Attacks

Madrid, Spain – February 11, 2026 – INCIBE-CERT, Spain’s national cybersecurity incident response team, has issued an alert regarding a critical denial-of-service (DoS) vulnerability in AVEVA’s PI Data Archive, a widely used industrial data management platform. The flaw could allow threat actors to disrupt operations in sectors reliant on real-time process data, including manufacturing, energy, and utilities.

Technical Details

While specific technical details remain undisclosed by INCIBE-CERT, the vulnerability is classified as a denial-of-service (DoS) risk. PI Data Archive serves as a central repository for time-series data in industrial environments, making its availability critical for operational continuity. A successful DoS attack could lead to:

  • Data acquisition failures in connected systems
  • Delayed or lost process monitoring capabilities
  • Potential cascading effects on dependent industrial control systems (ICS)

No CVE ID has been assigned to this vulnerability at the time of reporting. INCIBE-CERT has directed users to AVEVA’s official security advisories for further updates and mitigation guidance.

Impact Analysis

Organizations using PI Data Archive in operational technology (OT) environments are at risk of:

  • Operational downtime due to disrupted data flows
  • Increased exposure to secondary attacks if systems fail to log critical events
  • Compliance violations in regulated industries where data integrity is mandated

The vulnerability’s severity is heightened by PI Data Archive’s role in real-time decision-making for industrial processes. A prolonged outage could result in financial losses, safety risks, or regulatory penalties.

Recommendations

INCIBE-CERT and AVEVA urge affected organizations to:

  1. Monitor AVEVA’s security advisories for patches or workarounds.
  2. Implement network segmentation to isolate PI Data Archive instances from untrusted networks.
  3. Deploy intrusion detection/prevention systems (IDS/IPS) to detect anomalous traffic patterns.
  4. Review incident response plans to ensure rapid recovery from DoS events.
  5. Apply principle of least privilege to limit access to PI Data Archive services.

For further details, refer to the INCIBE-CERT advisory.

This is a developing story. Updates will be provided as more information becomes available.

Share

TwitterLinkedIn