
CVE-2025-36539: CWE-248 in AVEVA PI Data Archive

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-36539, cve, cve-2025-36539, cwe-248
Published: Thu Jun 12 2025 (06/12/2025, 19:56:33 UTC)
Source: CVE Database V5
Vendor/Project: AVEVA
Product: PI Data Archive

Description

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service.

AI-Powered Analysis

Last updated: 06/12/2025, 20:24:09 UTC

Technical Analysis

CVE-2025-36539 is a vulnerability identified in the AVEVA PI Data Archive product, specifically affecting the 2023 version. The vulnerability is classified under CWE-248, which corresponds to an uncaught exception scenario. In this case, the flaw allows an authenticated user to trigger an unhandled exception that causes the shutdown of critical PI Data Archive subsystems. The PI Data Archive is a core component of the AVEVA PI System, widely used for real-time data infrastructure in industrial environments, including manufacturing, energy, utilities, and process industries. The vulnerability does not impact confidentiality or integrity of data but directly affects availability by enabling denial of service (DoS) conditions. The CVSS v3.1 base score is 6.5 (medium severity), with vector metrics indicating network attack vector (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H). Exploitation requires the attacker to have authenticated access to the system, which implies insider threat or compromised credentials. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability arises from insufficient exception handling in the software, which can be triggered to disrupt essential subsystems, potentially halting data collection, storage, or retrieval processes critical for operational technology (OT) environments relying on PI Data Archive for monitoring and control.

Potential Impact

For European organizations, especially those in critical infrastructure sectors such as energy, utilities, manufacturing, and transportation, this vulnerability poses a significant risk to operational continuity. The AVEVA PI System is widely deployed across Europe in industries that depend on real-time data for process optimization and safety monitoring. A denial of service attack exploiting this vulnerability could lead to interruptions in data availability, impacting decision-making, automated control systems, and regulatory compliance reporting. While it does not compromise data confidentiality or integrity, the loss of availability can cause operational delays, safety risks, and financial losses. Organizations with distributed or remote OT environments may face challenges in rapid recovery, increasing downtime. Additionally, the requirement for authenticated access means that insider threats or attackers who have gained legitimate credentials could leverage this vulnerability to disrupt operations. The absence of known exploits currently reduces immediate risk, but the medium severity score and ease of exploitation (low complexity) indicate that threat actors could develop exploits in the near future, especially targeting European industrial sectors with high AVEVA PI adoption.

Mitigation Recommendations

1. Implement strict access controls and monitoring: Since exploitation requires authenticated access, enforce multi-factor authentication (MFA) for all users accessing the PI Data Archive systems.
2. Conduct regular credential audits and promptly revoke access for inactive or unnecessary accounts to reduce insider threat risks.
3. Monitor system logs and alerts for unusual shutdown events or exceptions within the PI Data Archive subsystems to detect potential exploitation attempts early.
4. Segment the network to isolate PI Data Archive servers from general IT networks, limiting exposure to compromised credentials.
5. Develop and test incident response plans specifically for PI Data Archive availability disruptions to minimize downtime.
6. Engage with AVEVA support channels to obtain patches or workarounds as soon as they become available, and prioritize timely deployment.
7. Consider deploying application-layer firewalls or intrusion detection systems tuned to detect anomalous authenticated user behavior targeting PI Data Archive services.
8. Train operational staff to recognize and report suspicious activity related to PI Data Archive access and subsystem behavior.

These measures go beyond generic advice by focusing on the authenticated nature of the exploit, emphasizing insider threat mitigation, and operational continuity planning specific to PI Data Archive environments.

Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2025-04-21T19:39:54.984Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 684b33bd358c65714e6af41e

Added to database: 6/12/2025, 8:08:29 PM

Last enriched: 6/12/2025, 8:24:09 PM

Last updated: 8/17/2025, 12:05:20 AM
