The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision API. PI Web API versions 2017 R2 and prior are affected. Successful exploitation of these vulnerabilities could allow escalated privileges and may allow remote code execution. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1 or PI AF Services 2017 R2 Update 1, which both address the PI Web API vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.