OSIsoft Update
Warning Date: 13 May, 2020
Severity Level: High
Warning Number: 2020-1230
Target Sector: All
Description:
OSIsoft has released a security update to address multiple vulnerabilities in the following versions of PI System:
- Applications using PI Asset Framework (AF) Client versions prior to and including PI AF Client 2018 SP3 Patch 1, Version 2.10.7.283
- Applications using PI Software Development Kit (SDK) versions prior to and including PI SDK 2018 SP1, Version 1.4.7.602
- PI API for Windows Integrated Security versions prior to and including 2.0.2.5
- PI API versions prior to and including 1.6.8.26
- PI Buffer Subsystem versions prior to and including 4.8.0.18
- PI Connector for BACnet, versions prior to and including 1.2.0.6
- PI Connector for CygNet, versions prior to and including 1.4.0.17
- PI Connector for DC Systems RTscada, versions prior to and including 1.2.0.42
- PI Connector for Ethernet/IP, versions prior to and including 1.1.0.10
- PI Connector for HART-IP, versions prior to and including 1.3.0.1
- PI Connector for Ping, versions prior to and including 1.0.0.54
- PI Connector for Wonderware Historian, versions prior to and including 1.5.0.88
- PI Connector Relay, versions prior to and including 2.5.19.0
- PI Data Archive versions prior to and including PI Data Archive 2018 SP3, Version 3.4.430.460
- PI Data Collection Manager, versions prior to and including 2.5.19.0
- PI Integrator for Business Analytics versions prior to and including 2018 R2 SP1, Version 2.2.0.183
- PI Interface Configuration Utility (ICU) versions prior to and including 1.5.0.7
- PI to OCS versions prior to and including 1.1.36.0
- PI Data Archive 2018 and 2018 SP2
- PI Data Archive 2018 SP2 and prior versions
- PI Vision 2019 and prior
- PI Manual Logger 2017 R2 Patch 1 and prior
- RtReports Version 4.1 and prior
- PI Vision 2019 and prior versions
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Elevate privileges
- Unauthorized modification
- Unauthorized disclosure of information
- Bypass of a protection mechanism
Best practice and Recommendations:
The CERT team encourages users to review the OSIsoft security advisory and apply the necessary updates: