ICSA-16-287-01  ·  Published 2025-06-05

OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability

CVSS 6.4 MEDIUM

CVEs (1)

Remediations

  • OSIsoft recommends upgrading to PI Web API version 2016 (1.7.0.176) or greater to address the vulnerability.
  • OSIsoft recommends configuring least privilege mappings in the PI System for the PI Web API service account user. If the PI Web API service account user is a domain account, the implicit default mappings are to the Everyone and PIWorld PI identities, which typically serve read-only access roles.
  • OSIsoft also recommends using a host-based firewall to limit access to PI Web API port 443 to only trusted workstations and software.
  • For more information on this vulnerability, refer to OSIsoft’s Security Bulletin AL00306, released on OSIsoft’s web site on September 13, 2016: https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00306
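
One way to apply the host-based firewall recommendation on a Windows host running PI Web API, as an added example that is not part of the advisory or OSIsoft's guidance. The client addresses and the rule name are placeholders, and the script assumes the profile's default inbound action is Block.

```powershell
# Added example. Addresses and rule name are placeholders, not values from the advisory.
$TrustedClients = @('192.0.2.10', '192.0.2.11')               # documentation-range placeholders
$RuleName       = 'PI Web API HTTPS - trusted clients only'   # hypothetical rule name

# True when a port filter's LocalPort value covers 443 ('Any', '443', or a range such as '400-500').
function Test-Covers443 {
    param([string[]]$LocalPort)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq '443') { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and [int]$Matches[1] -le 443 -and [int]$Matches[2] -ge 443) {
            return $true
        }
    }
    return $false
}

# 1. Audit: enabled inbound allow rules that expose TCP 443 to any remote address.
#    These would keep the port reachable even after a scoped rule is added.
$broad = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    if (($port.Protocol -in @('TCP', 'Any')) -and
        (Test-Covers443 $port.LocalPort) -and
        ($addr.RemoteAddress -contains 'Any')) {
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Profile   = $rule.Profile
            LocalPort = $port.LocalPort -join ','
        }
    }
}
$broad | Format-Table -AutoSize

# 2. Add an allow rule for 443 scoped to the trusted workstations only (idempotent).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort 443 -RemoteAddress $TrustedClients -Action Allow -Profile Domain | Out-Null
}

# 3. Confirm the remote-address scope that is now in effect for the new rule.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The scoped rule restricts access only once every rule listed by the audit step has been disabled or narrowed, because any remaining broad allow rule still admits untrusted clients.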

Affected Vendors

OSIsoft

Affected Products (1)

OSIsoft · PI Web API 2015 R2 1.5.1
