ICSA-20-315-02 · Published 2020-11-10 · View on CISA ICS-CERT ↗

OSIsoft PI Vision

CVSS 7.7 HIGH

Risk Summary

Successful exploitation of these vulnerabilities may allow a remote attacker with write access to the PI ProcessBook files to inject code that is imported into PI Vision, or disclose information to a user with insufficient privileges.

CVEs (2)

CVE-2020-25163 CVE-2020-25167

Remediations

OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these vulnerabilities.
Recommended defensive measures and related configuration settings are described on the OSIsoft customer portal (Login required).

Affected Vendors

OSIsoft LLC

Affected Products (1)

OSIsoft LLC · PI Vision 2020 < PI Vision 2020

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more