OSIsoft PI SQL Client (ICSA-19-253-06) – Product Used in the Energy Sector

The NCCIC has published an advisory on an integer overflow wraparound vulnerability in OSIsoft PI SQL Client. PI SQL Client 2018 (PI SQL Client OLEDB 2018) is affected. Successful exploitation of this vulnerability could allow remote code execution or cause a denial of service, resulting in disclosure, deletion, or modification of information. OSIsoft recommends users upgrade to PI SQL Client 2018 R2 or later to resolve this issue. The NCCIC also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.