ICSA-17-164-03  ·  Published 2017-06-13

OSIsoft PI Web API 2017

CVSS 7.1 HIGH

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

CVEs (1)

Remediations

  • OSIsoft recommends that users upgrade to PI Web API version 2017 (1.9.0) and enable CSRF defense. To enable this option, set the configuration attribute 'EnableCSRFDefense' to 'True' in the PI Web API System Configuration element. This element is located at the path "..\OSIsoft\PI Web API\PIWebAPIMachineName\System Configuration" in the PI AF Server Configuration database.
  • A new installation of PI Web API 2017 (1.9.0) enables CSRF protection by default.
  • Please see alert AL00316 on the OSIsoft web page for more information about this issue.

Affected Vendors

OSIsoft LLC

Affected Products (1)

OSIsoft LLC · PI Web API < 2017 (1.9.0)

Affected Sectors

Multiple Sectors
