OSIsoft PI Updates
2169Warning Date
Severity Level
Warning Number
Target Sector
11 June, 2020
● High
2020-1345
All
Description:
OSIsoft has released security update to address multiple vulnerabilities in the following versions of PI System :
- Applications using PI Asset Framework (AF) Client
- versions prior to and including PI AF Client 2018 SP3 Patch 1
- Version 2.10.7.283
- Applications using PI Software Development Kit (SDK)
- versions prior to and including PI SDK 2018 SP1
- Version 1.4.7.602
- PI API for Windows Integrated Security
- versions prior to and including 2.0.2.5,
- PI API
- versions prior to and including 1.6.8.26
- PI Buffer Subsystem
- versions prior to and including 4.8.0.18
- PI Connector for BACnet
- versions prior to and including 1.2.0.6
- PI Connector for CygNet
- versions prior to and including 1.4.0.17
- PI Connector for DC Systems RTscada
- versions prior to and including 1.2.0.42
- PI Connector for Ethernet/IP
- versions prior to and including 1.1.0.10
- PI Connector for HART-IP
- versions prior to and including 1.3.0.1
- PI Connector for Ping
- versions prior to and including 1.0.0.54
- PI Connector for Wonderware Historian
- versions prior to and including 1.5.0.88
- PI Connector Relay
- versions prior to and including 2.5.19.0
- PI Data Archive
- versions prior to and including PI Data Archive 2018 SP3
- Version 3.4.430.460
- PI Data Collection Manager
- versions prior to and including 2.5.19.0
- PI Integrator for Business Analytics
- versions prior to and including 2018 R2 SP1
- Version 2.2.0.183
- PI Interface Configuration Utility (ICU)
- versions prior to and including 1.5.0.7
- PI to OCS
- versions prior to and including 1.1.36.0
- PI Connector for IEC 60870-5-104
- versions prior to and including 1.2.2.79
- PI Connector for OPC-UA
- versions prior to and including 1.3.0.130
- PI Connector for Siemens Simatic PCS 7
- versions prior to and including 1.2.1.71
- PI Connector for UFL
- versions prior to and including 1.3.1.135
- PI Data Archive 2018 and 2018 SP2 only
- PI Data Archive 2018 SP2
- PI Vision 2019
- prior
- PI Manual Logger 2017 R2 Patch 1
- and prior
- RtReports
- Version 4.1 and prior
- PI Vision 2019
- and prior versions
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Information disclosure, deletion, or modification.
- Cross-site scripting (XSS)
- Improper Input Validation
- Improper Verification of Cryptographic Signature
Best practice and Recommendations:
The CERT team encourages users to review OSIsoft security advisory and apply the necessary updates: