OSISoft PI System (Update A) (ICSA-20-133-02)

June 9, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

May 13, 2020

CISA has published an advisory on uncontrolled search path element, improper verification of cryptographic signature, incorrect default permissions, uncaught exception, null pointer dereference, improper input validation, cross-site scripting, and insertion of sensitive information into log file vulnerabilities in OSISoft PI System. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device. OSIsoft has provided a list of workarounds and defensive measures. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.