Your review has been sent successfully

OSIsoft PI Updates

2169
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Most Viewed Warnings

Dell EMC Alert

● Critical

F5 Alert

● High

IBM Alert

● Critical

Fortinet Alert

● High

Red Hat Alert

● High

حملات تصيدية تستهدف مايكروسوفت تيمز (Microsoft Teams)

● High

Warning Date

Severity Level

Warning Number

Target Sector

11 June, 2020

● High

2020-1345

All

Description:

OSIsoft has released security update to address multiple vulnerabilities in the following versions of PI System :

  • Applications using PI Asset Framework (AF) Client
    • versions prior to and including PI AF Client 2018 SP3 Patch 1
    • Version 2.10.7.283
  • Applications using PI Software Development Kit (SDK)
    • versions prior to and including PI SDK 2018 SP1
    • Version 1.4.7.602
  • PI API for Windows Integrated Security
    • versions prior to and including 2.0.2.5,
  • PI API
    • versions prior to and including 1.6.8.26
  • PI Buffer Subsystem
    • versions prior to and including 4.8.0.18
  • PI Connector for BACnet
    • versions prior to and including 1.2.0.6
  • PI Connector for CygNet
    • versions prior to and including 1.4.0.17
  • PI Connector for DC Systems RTscada
    • versions prior to and including 1.2.0.42
  • PI Connector for Ethernet/IP
    • versions prior to and including 1.1.0.10
  • PI Connector for HART-IP
    • versions prior to and including 1.3.0.1
  • PI Connector for Ping
    • versions prior to and including 1.0.0.54
  • PI Connector for Wonderware Historian
    • versions prior to and including 1.5.0.88
  • PI Connector Relay
    • versions prior to and including 2.5.19.0
  • PI Data Archive
    • versions prior to and including PI Data Archive 2018 SP3
    • Version 3.4.430.460
  • PI Data Collection Manager
    • versions prior to and including 2.5.19.0
  • PI Integrator for Business Analytics
    • versions prior to and including 2018 R2 SP1
    • Version 2.2.0.183
  • PI Interface Configuration Utility (ICU)
    • versions prior to and including 1.5.0.7
  • PI to OCS
    • versions prior to and including 1.1.36.0
  • PI Connector for IEC 60870-5-104
    • versions prior to and including 1.2.2.79
  • PI Connector for OPC-UA
    • versions prior to and including 1.3.0.130
  • PI Connector for Siemens Simatic PCS 7
    • versions prior to and including 1.2.1.71
  • PI Connector for UFL
    • versions prior to and including 1.3.1.135
  • PI Data Archive 2018 and 2018 SP2 only
  • PI Data Archive 2018 SP2
  • PI Vision 2019
  • prior
  • PI Manual Logger 2017 R2 Patch 1
    • and prior
  • RtReports
    • Version 4.1 and prior
  • PI Vision 2019
  • and prior versions

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Information disclosure, deletion, or modification.
  • Cross-site scripting (XSS)
  • Improper Input Validation
  • Improper Verification of Cryptographic Signature

Best practice and Recommendations:

The CERT team encourages users to review OSIsoft security advisory and apply the necessary updates:

Last updated at 11 June, 2020

Rate the content

rate-icon
up icon